CVE-2014-3480

Published: 09/07/2014 Updated: 28/10/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cdf_count_chain function in cdf.c in file prior to 5.19, as used in the Fileinfo component in PHP prior to 5.4.30 and 5.5.x prior to 5.5.14, does not properly validate sector-count data, which allows remote malicious users to cause a denial of service (application crash) via a crafted CDF file.

Vulnerable Product

php php

file project file

debian debian linux 8.0

debian debian linux 7.0

opensuse opensuse 11.4

oracle linux 7

Vendor Advisories

Synopsis: Moderate: file security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Commo ...
Several security issues were fixed in PHP ...
File could be made to crash or hang if it processed specially crafted data ...
Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u4. For the testing distribution (jessie), these probl ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207: Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_se ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file ...
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the F ...