409 matches found
CVE-2014-3487
CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....
CVE-2014-3479
The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service application crash via a crafted stream offset in a CDF...
CVE-2014-3487
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
CVE-2014-0207
The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...
CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
Medium: php55
Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...
UBUNTU-CVE-2014-3480
The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
UBUNTU-CVE-2014-3487
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
UBUNTU-CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
UBUNTU-CVE-2014-3479
The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service application crash via a crafted stream offset in a CDF...
Fedora 19 : php-5.5.14-1.fc19 (2014-7782)
26 Jun 2014, PHP 5.5.14 Core : - Fixed BC break introduced by patch for bug 67072. Anatol, Stas - Fixed bug 66622 Closures do not correctly capture the late bound class static:: in some cases. Levi Morrison - Fixed bug 67390 insecure temporary file use in the configure script. CVE-2014-3981 Remi ...
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
Binary data 8320.prm...
Total Commander FileInfo 2.09 Plugin - Multiple PE File Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25373/info The FileInfo plugin for Total Commander is prone to multiple PE file denial-of-service vulnerabilities because the plugin fails to properly handle malformed input. Successfully exploiting these issues allows...
PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...
PHP 5.5.x < 5.5.14 Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2254-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2254-1 advisory. Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issu...
USN-2254-1: PHP vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. CVE-2014-0185 Francisco...
USN-2254-1 php5 vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. CVE-2014-0185 Francisco...
Fedora 20 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20 / php-5.5.13-3.fc20 / etc (2014-6901)
29 May 2014, PHP 5.5.13 CLI server : - Fixed bug 67079 Missing MIME types for XML/XSL files. Anatol COM : - Fixed bug 66431 Special Character via COM Interface CPUTF8. Anatol Core : - Fixed bug 65701 copy doesn't work when destination filename is created by tempnam. Boro Sitnikovski - Fixed bug...
Fedora 19 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 / php-5.5.13-3.fc19 / etc (2014-6904)
29 May 2014, PHP 5.5.13 CLI server : - Fixed bug 67079 Missing MIME types for XML/XSL files. Anatol COM : - Fixed bug 66431 Special Character via COM Interface CPUTF8. Anatol Core : - Fixed bug 65701 copy doesn't work when destination filename is created by tempnam. Boro Sitnikovski - Fixed bug...