Lucene search
GoogleOSV:DLA-27-1HistoryJul 31, 2014 - 12:00 a.m.
file - security update
2014-07-3100:00:00
Google
osv.dev
20
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Fix various denial of service attacks:
- CVE-2014-3487
The cdf_read_property_info function does not properly validate a stream
offset, which allows remote attackers to cause a denial of service
(application crash) via a crafted CDF file. - CVE-2014-3480
The cdf_count_chain function in cdf.c in does not properly validate
sector-count data, which allows remote attackers to cause a denial of
service
(application crash) via a crafted CDF file. - CVE-2014-3479
The cdf_check_stream_offset function in cdf.c relies on incorrect
sector-size data, which allows remote attackers to cause a denial of service
(application crash) via a crafted stream offset in a CDF file. - CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c allows remote
attackers to cause a denial of service (application crash) via a crafted
Pascal string in a FILE_PSTRING conversion. - CVE-2014-0238
The cdf_read_property_info function in cdf.c allows remote attackers to
cause a denial of service (infinite loop or out-of-bounds memory access) via
a vector that (1) has zero length or (2) is too long. - CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c allows remote attackers to
cause a denial of service (performance degradation) by triggering many
file_printf calls. - CVE-2014-0207
The cdf_read_short_sector function in cdf.c allows remote attackers to
cause a denial of service (assertion failure and application exit) via a
crafted CDF file.
For Debian 6 Squeeze, these issues have been fixed in file version 5.04-5+squeeze6
| CPE | Name | Operator | Version |
|---|---|---|---|
| file | eq | 5.04-5+squeeze5 | |
| file | eq | 5.04-5+squeeze2 | |
| file | eq | 5.04-5+squeeze3 | |
| file | eq | 5.04-5+squeeze1 | |
| file | eq | 5.04-5 | |
| file | eq | 5.04-5+squeeze4 |
References
Related
debian
debian
[DLA 27-1] file security update
2014-07-31 14:47:17
[SECURITY] [DSA 3021-1] file security update
2014-09-09 13:10:59
[SECURITY] [DSA 3021-2] file regression update
2014-09-10 21:28:57
nessus
nessus
Debian DLA-27-1 : file security update
2015-03-26 00:00:00
Mandriva Linux Security Advisory : file (MDVSA-2014:131)
2014-07-10 00:00:00
Amazon Linux AMI : file (ALAS-2014-382)
2014-10-12 00:00:00
mageia
mageia
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
openvas
openvas
Debian Security Advisory DSA 3021-1 (file - security update)
2014-09-09 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-382)
2015-09-08 00:00:00
Debian Security Advisory DSA 3021-1 (file - security update)
2014-09-09 00:00:00
osv
osv
file - security update
2014-09-09 00:00:00
php5 - security update
2014-07-08 00:00:00
php5 - security update
2015-01-31 00:00:00
amazon
amazon
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
PHP vulnerabilities
2014-07-09 00:00:00
PHP updates
2014-06-25 00:00:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
file security and bug fix update
2015-11-23 00:00:00
file security and bug fix update
2014-10-15 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2015:2155) Moderate: file security and bug fix update
2015-11-19 14:41:30
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
file, python security update
2015-11-30 19:28:42
file, python security update
2014-10-20 18:08:44
f5
f5
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
K16954 : Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-09-16 00:00:00
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
[slackware-security] php
2014-06-09 21:04:52
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 19 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19
2014-06-17 23:36:22
securityvulns
securityvulns
[USN-2276-1] PHP vulnerabilities
2014-07-14 00:00:00
[ MDVSA-2014:116 ] file
2014-06-14 00:00:00
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
ibm
ibm
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
suse
suse
Security update for php53 (important)
2014-07-04 01:04:18
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:19
Denial Of Service (DoS)
2019-05-02 05:04:16
prion
prion
Buffer overflow
2014-07-09 11:07:00
Design/Logic Flaw
2014-07-09 11:07:00
Command injection
2014-07-09 11:07:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
PHP CDF File Handling Infinite Loop (CVE-2014-0238)
2014-08-03 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related for OSV:DLA-27-1