5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.032 Low
EPSS
Percentile
91.1%
Package : php5
Version : 5.3.3-7+squeeze24
CVE ID : CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117
Brief introduction
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (performance
degradation) by triggering many file_printf calls.
CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (infinite loop
or out-of-bounds memory access) via a vector that (1) has zero
length or (2) is too long.
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context
dependent attackers to cause a denial of service (out-of-bounds
memory access and crash) via crafted offsets in the softmagic
of a PE executable.
CVE-2014-8117
- Stop reporting bad capabilities after the first few.
- limit the number of program and section header number of sections
- limit recursion level
CVE-2015-TEMP (no official CVE number available yet)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-i386 | php5-dev | < 5.4.4-14+deb7u8 | php5-dev_5.4.4-14+deb7u8_kfreebsd-i386.deb |
Debian | 7 | powerpc | php5-xmlrpc | < 5.4.4-14+deb7u8 | php5-xmlrpc_5.4.4-14+deb7u8_powerpc.deb |
Debian | 7 | armhf | php5-enchant | < 5.4.4-14+deb7u8 | php5-enchant_5.4.4-14+deb7u8_armhf.deb |
Debian | 6 | amd64 | php5-xsl | < 5.3.3-7+squeeze24 | php5-xsl_5.3.3-7+squeeze24_amd64.deb |
Debian | 6 | amd64 | php5-mysql | < 5.3.3-7+squeeze24 | php5-mysql_5.3.3-7+squeeze24_amd64.deb |
Debian | 7 | mips | php5-gmp | < 5.4.4-14+deb7u8 | php5-gmp_5.4.4-14+deb7u8_mips.deb |
Debian | 7 | kfreebsd-amd64 | php5-interbase | < 5.4.4-14+deb7u8 | php5-interbase_5.4.4-14+deb7u8_kfreebsd-amd64.deb |
Debian | 7 | powerpc | php5-sybase | < 5.4.4-14+deb7u8 | php5-sybase_5.4.4-14+deb7u8_powerpc.deb |
Debian | 6 | i386 | libmagic-dev | < 5.04-5+squeeze9 | libmagic-dev_5.04-5+squeeze9_i386.deb |
Debian | 6 | i386 | php5-odbc | < 5.3.3-7+squeeze24 | php5-odbc_5.3.3-7+squeeze24_i386.deb |