Lucene search

K
nvd[email protected]NVD:CVE-2014-3479
HistoryJul 09, 2014 - 11:07 a.m.

CVE-2014-3479

2014-07-0911:07:01
web.nvd.nist.gov
5

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.2%

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

Affected configurations

Nvd
Node
file_projectfileRange<5.19
OR
phpphpRange<5.3.29
OR
phpphpRange5.4.05.4.30
OR
phpphpRange5.5.05.5.14
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
opensuseopensuseMatch11.4
Node
oraclelinuxMatch7-
VendorProductVersionCPE
file_projectfile*cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
oraclelinux7cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.2%