Headline
CVE-2014-3487: PHP :: Sec Bug #67413 :: fileinfo: cdf_read_property_info insufficient boundary check
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
[2014-06-10 11:45 UTC] [email protected]
-CVE-ID: +CVE-ID: 2014-3487
[2014-06-10 11:45 UTC] [email protected]
Waiting for CVE-2014-3487 public disclosure date.
[2014-06-10 12:37 UTC] [email protected]
-Status: Open +Status: Closed -Assigned To: +Assigned To: remi
[2014-06-10 12:37 UTC] [email protected]
The fix for this bug has been committed.
Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.
For Windows:
http://windows.php.net/snapshots/
Thank you for the report, and for helping us make PHP better.
http://git.php.net/?p=php-src.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0
[2014-07-02 08:26 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-07-02 08:34 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-07-29 21:56 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src.git;a=commit;h=2fe5bcbeb58bb1088f9fcdb9f02599880454b602 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-08-14 15:34 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src.git;a=commit;h=2fe5bcbeb58bb1088f9fcdb9f02599880454b602 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-08-14 19:32 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src.git;a=commit;h=2fe5bcbeb58bb1088f9fcdb9f02599880454b602 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-10-07 23:14 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2fe5bcbeb58bb1088f9fcdb9f02599880454b602 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-10-07 23:14 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-10-07 23:25 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2fe5bcbeb58bb1088f9fcdb9f02599880454b602 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
[2014-10-07 23:25 UTC] [email protected]
Automatic comment on behalf of remi Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0 Log: Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
Related news
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.