Описание
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:5.19-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1:5.14-2ubuntu3.1 |
| lucid | released | 5.03-5ubuntu1.3 |
| precise | released | 5.09-2ubuntu0.4 |
| saucy | released | 5.11-2ubuntu4.3 |
| trusty | released | 1:5.14-2ubuntu3.1 |
| trusty/esm | released | 1:5.14-2ubuntu3.1 |
| upstream | released | 1:5.19-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.5.12+dfsg-2ubuntu3 |
| esm-infra-legacy/trusty | released | 5.5.9+dfsg-1ubuntu4.3 |
| lucid | not-affected | |
| precise | not-affected | |
| saucy | released | 5.5.3+dfsg-1ubuntu2.6 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.3 |
| trusty/esm | released | 5.5.9+dfsg-1ubuntu4.3 |
| upstream | released | 5.6.0~rc1+dfsg-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
4.3 Medium
CVSS2