4.3

CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
File ProjectFile Version < 5.19
PhpPhp Version < 5.3.29
PhpPhp Version >= 5.4.0 < 5.4.30
PhpPhp Version >= 5.5.0 < 5.5.14
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpensuseOpensuse Version11.4
OracleLinux Version7 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.93% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://www.php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Broken Link
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
https://support.apple.com/HT204659
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Issue Tracking
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-3021
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://mx.gw.com/pipermail/file/2014/001553.html
Broken Link
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59794
Not Applicable
http://secunia.com/advisories/59831
Not Applicable
http://www.debian.org/security/2014/dsa-2974
Third Party Advisory
http://www.securityfocus.com/bid/68120
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=67413
Patch
Vendor Advisory
Issue Tracking
https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
Patch
Third Party Advisory