Headline
CVE-2014-3480: PHP :: Sec Bug #67412 :: fileinfo: cdf_count_chain insufficient boundary check
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Sec Bug #67412
fileinfo: cdf_count_chain insufficient boundary check
Submitted:
2014-06-10 11:43 UTC
Modified:
2014-06-27 08:05 UTC
From:
Assigned:
remi (profile)
Status:
Closed
Package:
Filesystem function related
PHP Version:
5.4.29
OS:
irrevelant
Private report:
No
CVE-ID:
2014-3480
Patches
Add a Patch
Pull Requests
Add a Pull Request
History
AllCommentsChangesGit/SVN commitsRelated reports
[2014-06-10 11:44 UTC] [email protected]
-CVE-ID: +CVE-ID: 2014-3480
[2014-06-10 11:44 UTC] [email protected]
Waitinf for CVE-2014-3480 public disclosure date
[2014-06-10 12:25 UTC] [email protected]
-Status: Open +Status: Closed -Assigned To: +Assigned To: remi
Related news
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.