4.3

CVE-2014-3587

Exploit
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christos ZoulasFile Version <= 5.19
Christos ZoulasFile Version5.00
Christos ZoulasFile Version5.01
Christos ZoulasFile Version5.02
Christos ZoulasFile Version5.03
Christos ZoulasFile Version5.04
Christos ZoulasFile Version5.05
Christos ZoulasFile Version5.06
Christos ZoulasFile Version5.07
Christos ZoulasFile Version5.08
Christos ZoulasFile Version5.09
Christos ZoulasFile Version5.10
Christos ZoulasFile Version5.11
Christos ZoulasFile Version5.12
Christos ZoulasFile Version5.13
Christos ZoulasFile Version5.14
Christos ZoulasFile Version5.15
Christos ZoulasFile Version5.16
Christos ZoulasFile Version5.17
Christos ZoulasFile Version5.18
PhpPhp Version <= 5.4.31
PhpPhp Version5.4.0
PhpPhp Version5.4.0 Updatebeta2
PhpPhp Version5.4.0 Updatebeta2 Edition32-bit
PhpPhp Version5.4.0 Updaterc2
PhpPhp Version5.4.1
PhpPhp Version5.4.2
PhpPhp Version5.4.3
PhpPhp Version5.4.4
PhpPhp Version5.4.5
PhpPhp Version5.4.6
PhpPhp Version5.4.7
PhpPhp Version5.4.8
PhpPhp Version5.4.9
PhpPhp Version5.4.10
PhpPhp Version5.4.11
PhpPhp Version5.4.12
PhpPhp Version5.4.12 Updaterc1
PhpPhp Version5.4.12 Updaterc2
PhpPhp Version5.4.13
PhpPhp Version5.4.13 Updaterc1
PhpPhp Version5.4.14
PhpPhp Version5.4.14 Updaterc1
PhpPhp Version5.4.15
PhpPhp Version5.4.15 Updaterc1
PhpPhp Version5.4.16 Updaterc1
PhpPhp Version5.4.17
PhpPhp Version5.4.18
PhpPhp Version5.4.19
PhpPhp Version5.4.20
PhpPhp Version5.4.21
PhpPhp Version5.4.22
PhpPhp Version5.4.23
PhpPhp Version5.4.24
PhpPhp Version5.4.25
PhpPhp Version5.4.26
PhpPhp Version5.4.27
PhpPhp Version5.4.28
PhpPhp Version5.4.29
PhpPhp Version5.4.30
PhpPhp Version5.5.0
PhpPhp Version5.5.0 Updatealpha1
PhpPhp Version5.5.0 Updatealpha2
PhpPhp Version5.5.0 Updatealpha3
PhpPhp Version5.5.0 Updatealpha4
PhpPhp Version5.5.0 Updatealpha5
PhpPhp Version5.5.0 Updatealpha6
PhpPhp Version5.5.0 Updatebeta1
PhpPhp Version5.5.0 Updatebeta2
PhpPhp Version5.5.0 Updatebeta3
PhpPhp Version5.5.0 Updatebeta4
PhpPhp Version5.5.0 Updaterc1
PhpPhp Version5.5.0 Updaterc2
PhpPhp Version5.5.1
PhpPhp Version5.5.2
PhpPhp Version5.5.3
PhpPhp Version5.5.4
PhpPhp Version5.5.5
PhpPhp Version5.5.6
PhpPhp Version5.5.7
PhpPhp Version5.5.8
PhpPhp Version5.5.9
PhpPhp Version5.5.10
PhpPhp Version5.5.11
PhpPhp Version5.5.12
PhpPhp Version5.5.13
PhpPhp Version5.5.14
PhpPhp Version5.5.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.24% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://php.net/ChangeLog-5.php
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
https://support.apple.com/HT204659
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://www.debian.org/security/2014/dsa-3021
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60696
http://www.debian.org/security/2014/dsa-3008
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://secunia.com/advisories/60609
http://www.securityfocus.com/bid/69325
http://www.ubuntu.com/usn/USN-2344-1
http://www.ubuntu.com/usn/USN-2369-1
https://bugs.php.net/bug.php?id=67716
Patch
Vendor Advisory
https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233
Patch
Exploit
https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
Patch
Exploit
https://security-tracker.debian.org/tracker/CVE-2014-3587