409 matches found
Medium: php54
Issue Overview: The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. The cdfreadpropertyinfo function in cdf.c in the...
Medium: php55
Issue Overview: The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. The cdfreadpropertyinfo function in cdf.c in the...
PHP/fileinfo/file DoS
Resources exhaustion and infinite loop in CDF files parsing...
Debian DSA-2943-1 : php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development : - CVE-2014-0185 The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any...
[SECURITY] [DSA 2943-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2943-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 01, 2014 http://www.debian.org/security/faq -...
DEBIAN-CVE-2014-0237
The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...
DEBIAN-CVE-2014-0238
The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...
CVE-2014-0237
The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...
Code injection
The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...
CVE-2014-0238
The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...
DSA-2943-1 php5 - security update
Bulletin has no description...
CVE-2014-0238
The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...
Debian Security Advisory DSA 2943-1 (php5 - security update)
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any local...
CVE-2014-0237
The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...
UBUNTU-CVE-2014-0238
The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...
UBUNTU-CVE-2014-0237
The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...
SOL15272 - PHP Vulnerability CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
A denial of service vulnerability has been reported in PHP Fileinfo. Successful exploitation could result in a denial of service condition. The vulnerability is due to call stack exhaustion when mget handles a magic string. A remote attacker can exploit this flaw by sending a malicious request...
Fedora 19 : php-5.5.12-1.fc19 (2014-5984)
Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...
Fedora 20 : php-5.5.12-1.fc20 (2014-5960)
Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...