CVE-2014-3587
published 2014-08-23CVE-2014-3587: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Affected
75 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| christos_zoulas | file | <= 5.19 | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| christos_zoulas | file | — | — |
| debian | file | < file 1:5.19-2 (bookworm) | file 1:5.19-2 (bookworm) |
| file_project | file | >= 0 < 1:5.19-2 | 1:5.19-2 |
| file_project | file | >= 0 < 1:5.19-2 | 1:5.19-2 |
| file_project | file | >= 0 < 1:5.19-2 | 1:5.19-2 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv6.5MEDIUM