CVE Vulnerabilities

CVE-2014-3480

Published: Jul 09, 2014 | Modified: Oct 28, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Affected Software

Name Vendor Start Version End Version
File File_project * 5.19 (excluding)
Php Php * 5.3.29 (excluding)
Php Php 5.4.0 (including) 5.4.30 (excluding)
Php Php 5.5.0 (including) 5.5.14 (excluding)
Red Hat Enterprise Linux 5 RedHat php53-0:5.3.3-23.el5_10 *
Red Hat Enterprise Linux 6 RedHat php-0:5.3.3-27.el6_5.1 *
Red Hat Enterprise Linux 6 RedHat file-0:5.04-21.el6 *
Red Hat Enterprise Linux 7 RedHat php-0:5.4.16-23.el7_0 *
Red Hat Enterprise Linux 7 RedHat file-0:5.11-31.el7 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 RedHat php54-php-0:5.4.16-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 RedHat php55-php-0:5.5.6-13.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS RedHat php54-php-0:5.4.16-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS RedHat php55-php-0:5.5.6-13.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS RedHat php54-php-0:5.4.16-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS RedHat php55-php-0:5.5.6-13.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS RedHat php54-php-0:5.4.16-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS RedHat php55-php-0:5.5.6-13.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 RedHat php54-php-0:5.4.16-22.el7 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 RedHat php55-php-0:5.5.6-13.el7 *
File Ubuntu devel *
File Ubuntu lucid *
File Ubuntu precise *
File Ubuntu saucy *
File Ubuntu trusty *
File Ubuntu upstream *
Php5 Ubuntu devel *
Php5 Ubuntu lucid *
Php5 Ubuntu precise *
Php5 Ubuntu saucy *
Php5 Ubuntu trusty *
Php5 Ubuntu upstream *

References