9 matches found
file: Fix of CVE-2019-18218
CVE-2019-18218: fix heap-based buffer overflow in cdfreadpropertyinfo...
MiracleLinux 8 : file-5.33-20.el8 (AXSA:2021-2595:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2595:03 advisory. file: heap-based buffer overflow in cdfreadpropertyinfo in cdf.c CVE-2019-18218 Tenable has extracted the preceding description block directly from the...
SUSE CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
DEBIAN-CVE-2009-0947
Multiple integer overflows in the 1 cdfreadpropertyinfo and 2 cdfreadsat functions in file before 5.02...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
A vulnerability exists in the cdfreadpropertyinfo function of the Fileinfo component’s file in PHP, due to improper flow control. Exploitation of this vulnerability allows malicious actors to cause a service failure abnormal termination of the application by using specially crafted CDF files...
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...
UBUNTU-CVE-2014-3487
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...