89 matches found
CVE-2014-0207
The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...
DEBIAN-CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
Design/Logic Flaw
The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
CVE-2014-3487
CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....
CVE-2014-0207
CVE-2014-0207 affects the PHP fileinfo extension’s handling of Composite Document Format (CDF) files. The vulnerability is in the cdf_read_short_sector() function (cdf.c) when used with PHP builds prior to 5.4.30 and 5.5.x prior to 5.5.14, where insufficient boundary checks allow a remote attacke...
CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
CVE-2014-3479
The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service application crash via a crafted stream offset in a CDF...
CVE-2014-0207
The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
UBUNTU-CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
UBUNTU-CVE-2014-3487
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
UBUNTU-CVE-2014-3479
The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service application crash via a crafted stream offset in a CDF...
UBUNTU-CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2254-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2254-1 advisory. Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issu...