CVE-2014-3587

EUVD-2014-3562
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
christos_zoulasfile
𝑥
≤ 5.19
christos_zoulasfile
5.00
christos_zoulasfile
5.01
christos_zoulasfile
5.02
christos_zoulasfile
5.03
christos_zoulasfile
5.04
christos_zoulasfile
5.05
christos_zoulasfile
5.06
christos_zoulasfile
5.07
christos_zoulasfile
5.08
christos_zoulasfile
5.09
christos_zoulasfile
5.10
christos_zoulasfile
5.11
christos_zoulasfile
5.12
christos_zoulasfile
5.13
christos_zoulasfile
5.14
christos_zoulasfile
5.15
christos_zoulasfile
5.16
christos_zoulasfile
5.17
christos_zoulasfile
5.18
phpphp
𝑥
≤ 5.4.31
phpphp
5.4.0
phpphp
5.4.0:beta2
phpphp
5.4.0:beta2
phpphp
5.4.0:rc2
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.12:rc1
phpphp
5.4.12:rc2
phpphp
5.4.13
phpphp
5.4.13:rc1
phpphp
5.4.14
phpphp
5.4.14:rc1
phpphp
5.4.15
phpphp
5.4.15:rc1
phpphp
5.4.16:rc1
phpphp
5.4.17
phpphp
5.4.18
phpphp
5.4.19
phpphp
5.4.20
phpphp
5.4.21
phpphp
5.4.22
phpphp
5.4.23
phpphp
5.4.24
phpphp
5.4.25
phpphp
5.4.26
phpphp
5.4.27
phpphp
5.4.28
phpphp
5.4.29
phpphp
5.4.30
phpphp
5.5.0
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
phpphp
5.5.14
phpphp
5.5.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bookworm
1:5.44-3
fixed
bullseye
1:5.39-3+deb11u1
fixed
bullseye (security)
1:5.39-3+deb11u1
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
lucid
Fixed 5.03-5ubuntu1.4
released
precise
Fixed 5.09-2ubuntu0.5
released
trusty
Fixed 1:5.14-2ubuntu3.2
released
php5
lucid
Fixed 5.3.2-1ubuntu4.27
released
precise
Fixed 5.3.10-1ubuntu3.14
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.4
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60609
http://secunia.com/advisories/60696
http://www.debian.org/security/2014/dsa-3008
http://www.debian.org/security/2014/dsa-3021
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/69325
http://www.ubuntu.com/usn/USN-2344-1
http://www.ubuntu.com/usn/USN-2369-1
https://bugs.php.net/bug.php?id=67716
https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233
https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
https://security-tracker.debian.org/tracker/CVE-2014-3587
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60609
http://secunia.com/advisories/60696
http://www.debian.org/security/2014/dsa-3008
http://www.debian.org/security/2014/dsa-3021
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/69325
http://www.ubuntu.com/usn/USN-2344-1
http://www.ubuntu.com/usn/USN-2369-1
https://bugs.php.net/bug.php?id=67716
https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233
https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
https://security-tracker.debian.org/tracker/CVE-2014-3587
https://support.apple.com/HT204659