Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

OSVersionArchitecturePackageVersionFilename
Debian12allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian11allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian10allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian999allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian13allfile< 1:5.19-2file_1:5.19-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	11	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	10	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	999	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	13	all	file	< 1:5.19-2	file_1:5.19-2_all.deb

ubuntucve 2

securityvulns 6

cve 2

openvas 51

nessus 58

prion 2

amazon 2

fedora 5

mageia 2

checkpoint_advisories 2

veracode 5

ubuntu 3

f5 2

debian 9

gentoo 1

debiancve 1

redhat 8

centos 6

oraclelinux 7

kitploit 1

osv 4

freebsd 1

freebsd_advisory 1

ibm 5

slackware 1

suse 3

rosalinux 1

oracle 1

ubuntucve

CVE-2014-3587

2014-08-22 00:00:00

CVE-2012-1571

2012-07-17 00:00:00

securityvulns

file utility memory corruption

2014-09-03 00:00:00

[ MDVSA-2014:167 ] file

2014-09-03 00:00:00

[USN-2344-1] PHP vulnerabilities

2014-09-15 00:00:00

cve

CVE-2014-3587

2014-08-23 01:55:00

CVE-2012-1571

2012-07-17 21:55:00

openvas

Amazon Linux: Security Advisory (ALAS-2014-398)

2015-09-08 00:00:00

Amazon Linux: Security Advisory (ALAS-2014-415)

2015-09-08 00:00:00

Ubuntu: Security Advisory (USN-2369-1)

2014-10-03 00:00:00

nessus

Amazon Linux AMI : file (ALAS-2014-398)

2014-10-12 00:00:00

Fedora 20 : file-5.19-4.fc20 (2014-9712)

2014-08-25 00:00:00

Amazon Linux AMI : php55 (ALAS-2014-415)

2014-10-12 00:00:00

prion

Integer overflow

2014-08-23 01:55:00

Out-of-bounds

2012-07-17 21:55:00

amazon

Medium: file

2014-09-03 14:38:00

Medium: php55

2014-09-18 21:03:00

fedora

[SECURITY] Fedora 20 Update: file-5.19-4.fc20

2014-08-24 02:55:59

[SECURITY] Fedora 20 Update: php-5.5.16-1.fc20

2014-09-02 06:40:37

[SECURITY] Fedora 19 Update: php-5.5.16-1.fc19

2014-09-02 06:47:45

mageia

Updated php packages fix multiple security vulnerabilities

2014-09-05 13:07:37

Updated file packages fix CVE-2014-3587

2014-08-27 03:04:56

checkpoint_advisories

PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)

2014-10-26 00:00:00

PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)

2014-11-12 00:00:00

veracode

Denial Of Service (DoS)

2019-05-02 05:04:19

Denial Of Service

2019-01-15 08:58:13

Denial Of Service (DoS)

2019-05-02 05:04:17

ubuntu

file vulnerability

2014-10-03 00:00:00

PHP vulnerabilities

2014-09-10 00:00:00

file vulnerabilities

2014-02-26 00:00:00

SOL16875 - file vulnerability CVE-2012-1571

2015-07-02 00:00:00

K16875 : file vulnerability CVE-2012-1571

2015-07-02 00:00:00

debian

[SECURITY] [DSA 2422-2] file regression fix

2012-05-09 18:23:22

[SECURITY] [DLA 50-1] file security update

2014-09-10 15:52:03

[SECURITY] [DLA 67-1] php5 security update

2014-09-30 07:41:52

gentoo

file: Denial of service

2012-09-26 00:00:00

debiancve

CVE-2012-1571

2012-07-17 21:55:00

redhat

(RHSA-2014:1326) Moderate: php53 and php security update

2014-09-30 00:00:00

(RHSA-2014:1327) Moderate: php security update

2014-09-30 00:00:00

(RHSA-2014:1606) Moderate: file security and bug fix update

2014-10-14 00:00:00

centos

php, php53 security update

2014-09-30 10:27:47

php security update

2014-09-30 10:59:18

file, python security update

2016-05-16 10:13:44

oraclelinux

php53 and php security update

2014-09-30 00:00:00

file security, bug fix, and enhancement update

2016-05-12 00:00:00

php security update

2014-09-30 00:00:00

kitploit

Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities

2019-05-21 21:17:00

osv

file - security update

2014-09-10 00:00:00

php5 - security update

2014-09-30 00:00:00

php5 - security update

2014-08-21 00:00:00

freebsd

FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)

2014-06-24 00:00:00

freebsd_advisory

FreeBSD-SA-14:16.file

2014-06-24 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection

2018-06-16 21:43:49

Security Bulletin: File vulnerabilities affect IBM SmartClound Entry

2020-07-19 00:49:12

Security Bulletin: Multiple vulnerabilities in file affect PowerKVM

2018-06-18 01:30:43

slackware

[slackware-security] php

2014-09-04 22:00:56

suse

Security update for php53 (important)

2016-09-16 21:09:09

Security update for php5 (important)

2016-10-04 17:11:09

Security update for php5 (important)

2016-09-28 15:09:48

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Related for DEBIANCVE:CVE-2014-3587