Versions of PHP 5.4.x earlier than 5.4.29, or 5.5.x earlier than 5.5.13 are exposed to the following issues :
A flaw exists with the ‘cdf_unpack_summary_info()’ function within ‘src/cdf.c’ where multiple file_printf calls occur when handling specially crafted CDF files. This could allow a context dependent attacker to crash the web application using PHP. (Bug 67328 / CVE-2014-0237)
A flaw exists with the ‘cdf_read_property_info()’ function within ‘src/cdf.c’ where an infinite loop occurs when handling specially crafted CDF files. This could allow a context dependent attacker to crash the web application using PHP. (Bug 67327 / CVE-2014-0238)
An out-of-bounds read exists in printf when parsing a single quote as the padding specifier. (Bug 67249)
Binary data 8679.prm