Lucene search
K

16 matches found

BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of the PHP interpreter, which allows a malicious attacker to trigger a service failure

The cdfunpacksummaryinfo function in the cdf.c library of the PHP interpreter contains a vulnerability. Exploiting this vulnerability allows an unauthorized attacker to trigger an infinite loop using a specially created CDF file, resulting in service failure due to exhaustion of processor resourc...

5CVSS7.4AI score0.19877EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2014/09/03 12:0 a.m.55 views

Medium: file

Issue Overview: Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerabili...

6.5CVSS8.5AI score0.20237EPSS
Exploits2
Prion
Prion
added 2014/08/23 1:55 a.m.24 views

Integer overflow

Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerability exists becaus...

4.3CVSS7.1AI score0.20237EPSS
Exploits2References23Affected Software2
OSV
OSV
added 2014/08/22 12:0 a.m.7 views

UBUNTU-CVE-2014-3587

Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerability exists becaus...

4.3CVSS7.2AI score0.20237EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 6:5 a.m.5 views

file: cdf_read_property_info insufficient boundary check

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

4.3CVSS7.2AI score0.14927EPSS
Exploits0References4
OSV
OSV
added 2014/07/09 11:7 a.m.2 views

DEBIAN-CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.5CVSS7.7AI score0.16853EPSS
Exploits0References1
OSV
OSV
added 2014/07/09 11:7 a.m.8 views

CVE-2014-3487

The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

7AI score
Exploits0References24
Prion
Prion
added 2014/07/09 11:7 a.m.30 views

Command injection

The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

4.3CVSS6.9AI score0.11481EPSS
Exploits0References18Affected Software5
Prion
Prion
added 2014/07/09 11:7 a.m.22 views

Design/Logic Flaw

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

4.3CVSS6.9AI score0.16853EPSS
Exploits0References19Affected Software5
Vulnrichment
Vulnrichment
added 2014/07/09 10:0 a.m.2 views

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.4AI score0.16853EPSS
Exploits0References19
Debian CVE
Debian CVE
added 2014/07/09 10:0 a.m.27 views

CVE-2014-3487

The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

4.3CVSS7.6AI score0.14927EPSS
Exploits0
Debian CVE
Debian CVE
added 2014/07/09 10:0 a.m.20 views

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.5CVSS7.6AI score0.16853EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2014/07/09 12:0 a.m.33 views

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.5CVSS7.1AI score0.16853EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/07/09 12:0 a.m.32 views

CVE-2014-3480

The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

6.5CVSS7.2AI score0.11481EPSS
Exploits0References4
OSV
OSV
added 2014/07/09 12:0 a.m.5 views

UBUNTU-CVE-2014-3480

The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

6.5CVSS7.2AI score0.11481EPSS
Exploits0References5
Cvelist
Cvelist
added 2012/07/17 9:0 p.m.30 views

CVE-2012-1571

file before 5.11 and libmagic allow remote attackers to cause a denial of service crash via a crafted Composite Document File CDF file that triggers 1 an out-of-bounds read or 2 an invalid pointer dereference...

9.1AI score0.04117EPSS
Exploits1References6
Rows per page
Query Builder