CVE-2014-0238
published 2014-06-01CVE-2014-0238: The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial…
medium5CVSS 3.1
AVNACLAuNCNINAP
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | file | < file 1:5.19-1 (bookworm) | file 1:5.19-1 (bookworm) |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| php | php | < 5.3.29 | 5.3.29 |
| php | php | >= 5.4.0 < 5.4.29 | 5.4.29 |
| php | php | >= 5.5.0 < 5.5.13 | 5.5.13 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.2 | 5.5.9+dfsg-1ubuntu4.2 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.1 | 5.5.9+dfsg-1ubuntu4.1 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.2HIGH