Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3478

Опубликовано: 09 июл. 2014
Источник: nvd
CVSS2: 5
EPSS Средний

Описание

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*
Версия до 5.18 (включая)
cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия до 5.4.29 (включая)
cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.49178
Средний

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2014-3478

ubuntu
почти 11 лет назад

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

redhat логотип

CVE-2014-3478

redhat
почти 11 лет назад

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

debian логотип

CVE-2014-3478

debian
почти 11 лет назад

Buffer overflow in the mconvert function in softmagic.c in file before ...

github логотип

GHSA-h772-f5rg-qrvv

github
около 3 лет назад

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

fstec логотип

BDU:2015-00370

fstec
около 11 лет назад

Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

EPSS

Процентиль: 98%
0.49178
Средний

5 Medium

CVSS2

Дефекты

CWE-119