CVE-2014-3587Integer Overflow or Wraparound in Zoulas File

CWE-190Integer Overflow or Wraparound13 documents9 sources
Severity
4.3MEDIUMNVD
CNA6.5OSV6.5
EPSS
19.1%
top 4.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
File Project FilePhp5Christos Zoulas File+1 more
Timeline
PublishedAug 23
Latest updateMay 14

Description

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Debianfile_project/file< 1:5.19-2+3
Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.4
NVDphp/php5.4.31+47

Patches

Patch: bugs.php.netPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-5mp5-8xxq-j3vx: Integer overflow in the cdf_read_property_info function in cdf2022-05-14
OSV
php5 vulnerabilities2014-09-10
CVEList
CVE-2014-3587: Integer overflow in the cdf_read_property_info function in cdf2014-08-23
OSV
CVE-2014-3587: Integer overflow in the cdf_read_property_info function in cdf2014-08-23

📋Vendor Advisories

5
Ubuntu
file vulnerability2014-10-03
Ubuntu
PHP vulnerabilities2014-09-10
Red Hat
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info2014-08-21
Debian
CVE-2014-3587: file - Integer overflow in the cdf_read_property_info function in cdf.c in file through...2014
Apple
CVE-2014-3587: OS X Yosemite v10.10.3 and Security Update 2015-004

💬Community

3
Bugzilla
CVE-2014-3587 php: file: incomplete fix for CVE-2012-1571 in cdf_read_property_info [fedora-all]2014-08-22
Bugzilla
CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info [fedora-all]2014-08-22
Bugzilla
CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info2014-08-11
CVE-2014-3587 — Integer Overflow or Wraparound | cvebase