Description
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Remediation
References
Related Vulnerabilities
Squid Reachable Assertion Vulnerability (CVE-2023-49286)
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)
WordPress Plugin Safe Editor Unspecified Vulnerability (1.1)