CVE-2014-0207
published 2014-07-09CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| christos_zoulas | file | < 5.19 | 5.19 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | file | < file 1:5.19-1 (bookworm) | file 1:5.19-1 (bookworm) |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.14-2ubuntu3.1 | 1:5.14-2ubuntu3.1 |
| opensuse | opensuse | — | — |
| oracle | linux | — | — |
| php | php | < 5.3.29 | 5.3.29 |
| php | php | >= 5.4.0 < 5.4.30 | 5.4.30 |
| php | php | >= 5.5.0 < 5.5.14 | 5.5.14 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.3 | 5.5.9+dfsg-1ubuntu4.3 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM