Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2014-3479

Опубликовано: 09 июл. 2014
Источник: debian
EPSS Средний

Описание

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
filefixed1:5.19-1package
filefixed5.04-5+squeeze6squeezepackage
php5fixed5.6.0~rc1+dfsg-1package
php5not-affectedsqueezepackage

Примечания

  • https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67

  • https://bugs.php.net/bug.php?id=67411

EPSS

Процентиль: 94%
0.14559
Средний

Связанные уязвимости

ubuntu
почти 11 лет назад

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

redhat
почти 11 лет назад

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

nvd
почти 11 лет назад

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

github
около 3 лет назад

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

fstec
около 11 лет назад

Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

EPSS

Процентиль: 94%
0.14559
Средний
Уязвимость CVE-2014-3479