4 matches found
CVE-2014-3479
CVE-2014-3479 affects the Fileinfo component in PHP (cdf_check_stream_offset in cdf.c) and can trigger a remote denial of service (application crash) by crafting a CDF stream offset. It is tied to PHP versions before 5.4.30 and 5.5.x before 5.5.14 due to incorrect sector-size data. The issue is d...
CVE-2014-3480
The CVE-2014-3480 entry concerns a flaw in the cdf_count_chain function of cdf.c used by PHP’s Fileinfo component. The issue stems from inadequate validation of sector-count data in CDF files, enabling a remote attacker to trigger a denial of service (application crash) by supplying a crafted CDF...
CVE-2014-3487
CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....
CVE-2014-2270
CVE-2014-2270 affects the file/libmagic implementation (softmagic.c) prior to version 5.17. A crafted PE executable can trigger an out-of-bounds memory access in the softmagic data, enabling a context-dependent attacker to cause a denial-of-service (crash). Public advisories describe the impact a...