Описание
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:5.19-1ubuntu1.1 |
| esm-infra-legacy/trusty | not-affected | 1:5.14-2ubuntu3.2 |
| lucid | released | 5.03-5ubuntu1.4 |
| precise | released | 5.09-2ubuntu0.5 |
| trusty | released | 1:5.14-2ubuntu3.2 |
| trusty/esm | not-affected | 1:5.14-2ubuntu3.2 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.5.12+dfsg-2ubuntu4 |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.4 |
| lucid | released | 5.3.2-1ubuntu4.27 |
| precise | released | 5.3.10-1ubuntu3.14 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.4 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.4 |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Integer overflow in the cdf_read_property_info function in cdf.c in fi ...
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
4.3 Medium
CVSS2