Description
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-1999-1537)
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)
Oracle JRE CVE-2013-2461 Vulnerability (CVE-2013-2461)
WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)
WordPress Plugin WordPress Button Plugin MaxButtons Cross-Site Scripting (6.18)