4.3
CVSSv2

CVE-2014-3480

Published: 09/07/2014 Updated: 28/11/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cdf_count_chain function in cdf.c in file prior to 5.19, as used in the Fileinfo component in PHP prior to 5.4.30 and 5.5.x prior to 5.5.14, does not properly validate sector-count data, which allows remote malicious users to cause a denial of service (application crash) via a crafted CDF file.

Vendor Advisories

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file ...
Synopsis Moderate: file security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated file packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Commo ...
File could be made to crash or hang if it processed specially crafted data ...
Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_se ...
Multiple security issues have been found in file, a tool to determine a file type These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash For the stable distribution (wheezy), these problems have been fixed in version 511-2+deb7u4 For the testing distribution (jessie), these probl ...
acincludem4, as used in the configure script in PHP 5513 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files A remote attacker could use this ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file Buffer overflow in the mconvert function in softmagicc in file before 519, as used in the F ...
acincludem4, as used in the configure script in PHP 5513 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files A remote attacker could use this ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...
Oracle Linux Bulletin - October 2015 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - January 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...

Github Repositories

CVEs, bugs, etc

CVEs disclosed libplist : [CVE-2017-5836] (githubcom/libimobiledevice/libplist/issues/86), bug91, bug92, Capstone Engine : CVE-2016-3160, CVE-2016-7151, bug730 , CVE-2016-4044 Facebook HHVM : CVE-2016-6870 , CVE-2016-6871 , CVE-2016-6872 , CVE-2016-6873 , CVE-2016-6874 , CVE-2016-6875 , CVE-2014-6228 , CVE-2014-6229 , Mozilla Firefox : CVE-2015-4512, bug1182496 , [F