Lucene search

K
nvd[email protected]NVD:CVE-2014-0207
HistoryJul 09, 2014 - 11:07 a.m.

CVE-2014-0207

2014-07-0911:07:01
CWE-119
web.nvd.nist.gov
14

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.009

Percentile

82.3%

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

Affected configurations

Nvd
Node
christos_zoulasfileRange<5.19
Node
phpphpRange<5.3.29
OR
phpphpRange5.4.0–5.4.30
OR
phpphpRange5.5.0–5.5.14
Node
oraclelinuxMatch7-
Node
opensuseopensuseMatch11.4
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
VendorProductVersionCPE
christos_zoulasfile*cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
oraclelinux7cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.009

Percentile

82.3%