CVE-2014-0236 — PHP vulnerability

8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File PHP

Timeline

PublishedMay 16

Latest updateMay 17

Description

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debianfile_project/file< 1:5.19-1+3

▶NVDphp/php5.5.35

🔴Vulnerability Details

GHSA

GHSA-v7cp-96gw-54m4: file before 5↗2022-05-17

▶

CVEList

CVE-2014-0236: file before 5↗2016-05-16

▶

OSV

CVE-2014-0236: file before 5↗2016-05-16

▶

OSV

libvirt vulnerabilities↗2016-01-12

▶

📋Vendor Advisories

Red Hat

file: root_storage NULL pointer deference flaw in CDF parser↗2014-06-27

▶

Debian

CVE-2014-0236: file - file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows ...↗2014

▶

💬Community

Bugzilla

CVE-2014-0236 file: root_storage NULL pointer deference flaw in CDF parser↗2014-05-15

▶