Headline
CVE-2014-0238: CDF infinite loop in nelements DoS
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
[2014-05-22 14:23 UTC] [email protected]
-CVE-ID: +CVE-ID: 2014-0238
[2014-05-27 01:15 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-05-27 01:15 UTC] [email protected]
-Status: Open +Status: Closed
[2014-05-27 10:25 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-05-27 10:26 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-05-27 19:18 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=22736b7c56d678f142d5dd21f4996e5819507a2b Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-06-01 15:05 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-06-04 01:22 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-07-29 21:57 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=d77ea459bd33a5267475a809a86f30a1d89ef0c2 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-08-14 15:34 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=d77ea459bd33a5267475a809a86f30a1d89ef0c2 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-08-14 19:32 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=d77ea459bd33a5267475a809a86f30a1d89ef0c2 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-10-07 23:14 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d77ea459bd33a5267475a809a86f30a1d89ef0c2 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-10-07 23:15 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-10-07 23:25 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d77ea459bd33a5267475a809a86f30a1d89ef0c2 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
[2014-10-07 23:26 UTC] [email protected]
Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=57225f09edd671db50137194cb83530884cb6030 Log: Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
Related news
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.