VYPR
Unrated severityNVD Advisory· Published Jun 21, 2013· Updated Jun 16, 2026

CVE-2013-4636

CVE-2013-4636

Description

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • PHP/PHP17 versions
    cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*
    • (no CPE)range: <5.4.16

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.