6.5

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christos ZoulasFile Version < 5.19
PhpPhp Version < 5.3.29
PhpPhp Version >= 5.4.0 < 5.4.30
PhpPhp Version >= 5.5.0 < 5.5.14
OracleLinux Version7 Update-
OpensuseOpensuse Version11.4
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.85% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://www.php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Broken Link
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
https://support.apple.com/HT204659
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-3021
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://mx.gw.com/pipermail/file/2014/001553.html
Broken Link
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59794
Not Applicable
http://secunia.com/advisories/59831
Not Applicable
http://www.debian.org/security/2014/dsa-2974
Third Party Advisory
http://www.securityfocus.com/bid/68243
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=67326
Patch
Vendor Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1091842
Patch
Third Party Advisory
Issue Tracking
https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391
Patch
Third Party Advisory