The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
28 Oct 2022, 23:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:* |
First Time |
File Project
Oracle linux File Project file Opensuse opensuse Debian debian Linux Debian Oracle Opensuse |
|
References | (CONFIRM) http://www.php.net/ChangeLog-5.php - Release Notes, Vendor Advisory | |
References | (MLIST) http://mx.gw.com/pipermail/file/2014/001553.html - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2014/dsa-2974 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 - Patch, Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Broken Link, Mailing List | |
References | (BID) http://www.securityfocus.com/bid/68238 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://support.apple.com/kb/HT6443 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2014/dsa-3021 - Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=67412 - Issue Tracking, Patch, Vendor Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59831 - Not Applicable | |
References | (HP) http://marc.info/?l=bugtraq&m=141017844705317&w=2 - Issue Tracking, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1766.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59794 - Not Applicable | |
References | (CONFIRM) https://support.apple.com/HT204659 - Third Party Advisory | |
CWE | NVD-CWE-noinfo |
Information
Published : 2014-07-09 11:07
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3480
Mitre link : CVE-2014-3480
CVE.ORG link : CVE-2014-3480
JSON object : View
Products Affected
php
- php
file_project
- file
debian
- debian_linux
opensuse
- opensuse
oracle
- linux
CWE