CVE-2014-3478

Published: 09/07/2014 Updated: 28/11/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the mconvert function in softmagic.c in file prior to 5.19, as used in the Fileinfo component in PHP prior to 5.4.30 and 5.5.x prior to 5.5.14, allows remote malicious users to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

Vulnerable Product

php php 5.5.0

php php 5.5.1

php php 5.5.10

php php 5.5.11

php php 5.5.6

php php 5.5.7

php php 5.4.12

php php 5.4.17

php php 5.4.18

php php 5.4.24

php php 5.4.25

php php 5.4.5

php php 5.4.6

christos zoulas file 5.03

christos zoulas file 5.04

christos zoulas file 5.11

christos zoulas file 5.12

php php 5.5.2

php php 5.5.3

php php 5.4.0

php php 5.4.1

php php 5.4.13

php php 5.4.14

php php 5.4.20

php php 5.4.21

php php 5.4.28

php php

php php 5.4.9

christos zoulas file

christos zoulas file 5.00

christos zoulas file 5.07

christos zoulas file 5.08

christos zoulas file 5.15

christos zoulas file 5.16

php php 5.5.12

php php 5.5.13

php php 5.5.8

php php 5.5.9

php php 5.4.19

php php 5.4.2

php php 5.4.26

php php 5.4.27

php php 5.4.7

php php 5.4.8

christos zoulas file 5.05

christos zoulas file 5.06

christos zoulas file 5.13

christos zoulas file 5.14

php php 5.5.4

php php 5.5.5

php php 5.4.10

php php 5.4.11

php php 5.4.15

php php 5.4.16

php php 5.4.22

php php 5.4.23

php php 5.4.3

php php 5.4.4

christos zoulas file 5.01

christos zoulas file 5.02

christos zoulas file 5.09

christos zoulas file 5.10

christos zoulas file 5.17

Vendor Advisories

Synopsis: Moderate: file security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Commo ...
Several security issues were fixed in PHP ...
File could be made to crash or hang if it processed specially crafted data ...
Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u4. For the testing distribution (jessie), these probl ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207: Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_se ...
A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash ...
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the F ...