CVE-2014-0237

🗓️ 01 Jun 2014 01:00:00Reported by redhatType

The cdf_unpack_summary_info function in cdf.c in PHP before 5.4.29 and 5.5.x allows remote attackers to cause a denial of service by triggering many file_printf calls

Reporter	Title	Published	Views	Family All 186
Tenable Nessus	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	10 Apr 201900:00	–	nessus
Tenable Nessus	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	19 Sep 201400:00	–	nessus
Tenable Nessus	PHP 5.4.x < 5.4.29 / 5.5.x < 5.5.13 Multiple Vulnerabilities	9 Apr 201500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php54 (ALAS-2014-361)	12 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php55 (ALAS-2014-362)	12 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : file (ALAS-2014-382)	12 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php (ALAS-2014-393)	12 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : php / php53 (CESA-2014:1012)	7 Aug 201400:00	–	nessus
Tenable Nessus	CentOS 7 : php (CESA-2014:1013)	7 Aug 201400:00	–	nessus
Tenable Nessus	CentOS 6 : file (CESA-2014:1606)	12 Nov 201400:00	–	nessus

NVD

Node

php phpRange<5.3.29

php phpRange5.4.0–5.4.29

php phpRange5.5.0–5.5.13

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

Source	Link
oracle	www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
github	www.github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
securityfocus	www.securityfocus.com/bid/67759
support	www.support.apple.com/kb/HT6443
secunia	www.secunia.com/advisories/59329
secunia	www.secunia.com/advisories/60998
lists	www.lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
lists	www.lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
debian	www.debian.org/security/2014/dsa-3021
php	www.php.net/ChangeLog-5.php

06 May 2026 22:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

EPSS0.2611

CWE-399