CVE-2014-0207 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
redhat	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
christos_zoulas	file	𝑥 < 5.19
php	php	𝑥 < 5.3.29
php	php	5.4.0 ≤ 𝑥 < 5.4.30
php	php	5.5.0 ≤ 𝑥 < 5.5.14
opensuse	opensuse	11.4
debian	debian_linux	7.0
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

file

bullseye (security)	1:5.39-3+deb11u1 fixed
bullseye	1:5.39-3+deb11u1 fixed
bookworm	1:5.44-3 fixed
sid	1:5.45-3 fixed
trixie	1:5.45-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

file

trusty	Fixed 1:5.14-2ubuntu3.1 released
saucy	Fixed 5.11-2ubuntu4.3 released
precise	Fixed 5.09-2ubuntu0.4 released
lucid	Fixed 5.03-5ubuntu1.3 released

php5

trusty	Fixed 5.5.9+dfsg-1ubuntu4.3 released
saucy	Fixed 5.5.3+dfsg-1ubuntu2.6 released
precise	Fixed 5.3.10-1ubuntu3.13 released
lucid	Fixed 5.3.2-1ubuntu4.26 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

http://marc.info/?l=bugtraq&m=141017844705317&w=2

http://mx.gw.com/pipermail/file/2014/001553.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/59794

http://secunia.com/advisories/59831

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2974

http://www.debian.org/security/2014/dsa-3021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/68243

https://bugs.php.net/bug.php?id=67326

https://bugzilla.redhat.com/show_bug.cgi?id=1091842

https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391

https://support.apple.com/HT204659

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

http://marc.info/?l=bugtraq&m=141017844705317&w=2

http://mx.gw.com/pipermail/file/2014/001553.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/59794

http://secunia.com/advisories/59831

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2974

http://www.debian.org/security/2014/dsa-3021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/68243

https://bugs.php.net/bug.php?id=67326

https://bugzilla.redhat.com/show_bug.cgi?id=1091842

https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391

https://support.apple.com/HT204659