Description
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
Statement
This issue does not affect the file, php, or php53 packages in Red Hat Enterprise Linux 5 and 6. This issue affects the file package in Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact; a future update may address this flaw.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | cdrtools | Not affected | ||
Red Hat Enterprise Linux 5 | file | Not affected | ||
Red Hat Enterprise Linux 5 | php | Not affected | ||
Red Hat Enterprise Linux 5 | php53 | Not affected | ||
Red Hat Enterprise Linux 5 | rpm | Not affected | ||
Red Hat Enterprise Linux 6 | file | Not affected | ||
Red Hat Enterprise Linux 6 | php | Not affected | ||
Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1013 | 06.08.2014 |
Red Hat Enterprise Linux 7 | file | Fixed | RHSA-2015:2155 | 19.11.2015 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
Additional information
Status:
EPSS
4.3 Medium
CVSS2
Related vulnerabilities
A vulnerability in the PHP software that allows a remote attacker to disrupt the availability of protected information