4 matches found
SUSE CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
The vulnerability of the cdf_readproperty_info function in the file classification tool allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the cdfreadpropertyinfo function of the file classification tool is related to a buffer overflow error data exceeding 4 bytes. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...
UBUNTU-CVE-2014-3487
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...