CVE-2014-0237
published 2014-06-01CVE-2014-0237: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial…
medium5CVSS 3.1
AVNACLAuNCNINAP
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | file | < file 1:5.19-1 (bookworm) | file 1:5.19-1 (bookworm) |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| php | php | < 5.3.29 | 5.3.29 |
| php | php | >= 5.4.0 < 5.4.29 | 5.4.29 |
| php | php | >= 5.5.0 < 5.5.13 | 5.5.13 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.2 | 5.5.9+dfsg-1ubuntu4.2 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.1 | 5.5.9+dfsg-1ubuntu4.1 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.2HIGH