CVE-2014-3478

2014-07-0911:07:00

Debian Security Bug Tracker

security-tracker.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.157 Low

EPSS

Percentile

95.9%

JSON

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

OSVersionArchitecturePackageVersionFilename
Debian12allfile< 1:5.19-1file_1:5.19-1_all.deb
Debian11allfile< 1:5.19-1file_1:5.19-1_all.deb
Debian10allfile< 1:5.19-1file_1:5.19-1_all.deb
Debian999allfile< 1:5.19-1file_1:5.19-1_all.deb
Debian13allfile< 1:5.19-1file_1:5.19-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	file	< 1:5.19-1	file_1:5.19-1_all.deb
Debian	11	all	file	< 1:5.19-1	file_1:5.19-1_all.deb
Debian	10	all	file	< 1:5.19-1	file_1:5.19-1_all.deb
Debian	999	all	file	< 1:5.19-1	file_1:5.19-1_all.deb
Debian	13	all	file	< 1:5.19-1	file_1:5.19-1_all.deb