CVE-2014-0207
09.07.2014, 11:07
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| christos_zoulas | file | 𝑥 < 5.19 |
| php | php | 𝑥 < 5.3.29 |
| php | php | 5.4.0 ≤ 𝑥 < 5.4.30 |
| php | php | 5.5.0 ≤ 𝑥 < 5.5.14 |
| opensuse | opensuse | 11.4 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| file |
| ||||||||
| php5 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| file |
| ||
| file-devel |
| ||
| file-libs |
| ||
| file-static |
| ||
| php |
| ||
| php-bcmath |
| ||
| php-cli |
| ||
| php-common |
| ||
| php-dba |
| ||
| php-devel |
| ||
| php-embedded |
| ||
| php-enchant |
| ||
| php-fpm |
| ||
| php-gd |
| ||
| php-intl |
| ||
| php-ldap |
| ||
| php-mbstring |
| ||
| php-mysql |
| ||
| php-mysqlnd |
| ||
| php-odbc |
| ||
| php-pdo |
| ||
| php-pgsql |
| ||
| php-process |
| ||
| php-pspell |
| ||
| php-recode |
| ||
| php-snmp |
| ||
| php-soap |
| ||
| php-xml |
| ||
| php-xmlrpc |
| ||
| python-magic |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References