Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Fileinfo组件代码注入漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。Fileinfo是其中的一个用于显示文件属性并支持批量修改其属性的组件。 PHP 5.6.4及之前版本的Fileinfo组件中的libmagic/apprentice.c文件中的‘apprentice_load’函数存在安全漏洞,该漏洞源于程序对stack-based字符数组尝试执行释放操作。远程攻击者可利用该漏洞造成拒绝服务(内存损坏或应用程序
CVSS Information
N/A
Vulnerability Type
N/A