CVE-2014-0238

Published: 01/06/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP prior to 5.4.29 and 5.5.x prior to 5.5.13 allows remote malicious users to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

Vendor Advisories

Several security issues were fixed in PHP ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file ...
Synopsis: Moderate: file security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Commo ...
An improvement was made for PHP FPM environments ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185: The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability (CVE-2014-0185) in PHP FPM that allowed any local user to run a PHP code under the ...
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to ...
Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u4. For the testing distribution (jessie), these probl ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the F ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use ...
Oracle Linux Bulletin - October 2015. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...
Oracle Solaris Third Party Bulletin - January 2015. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...

GitHub Repositories

CVEs, bugs, etc

CVEs disclosed: libplist: [CVE-2017-5836](github.com/libimobiledevice/libplist/issues/86), bug91, bug92, Capstone Engine: CVE-2016-3160, CVE-2016-7151, bug730, CVE-2016-4044, Facebook HHVM: CVE-2016-6870, CVE-2016-6871, CVE-2016-6872, CVE-2016-6873, CVE-2016-6874, CVE-2016-6875, CVE-2014-6228, CVE-2014-6229, Mozilla Firefox: CVE-2015-4512, bug1182496, [F