NULL pointer dereference vulnerability in Fileinfo component in PHP before 5.6.0

NULL pointer dereference vulnerability in Fileinfo component in PHP before 5.6.0

CVE-2014-0236 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

Learn more about our Web Application Penetration Testing UK.