Lucene search
Ubuntu.comUB:CVE-2014-3479HistoryJul 09, 2014 - 12:00 a.m.
CVE-2014-3479
2014-07-0900:00:00
ubuntu.com
ubuntu.com
8
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.9%
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used
in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14,
relies on incorrect sector-size data, which allows remote attackers to
cause a denial of service (application crash) via a crafted stream offset
in a CDF file.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | php in precise and earlier is different |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | file | < 5.03-5ubuntu1.3 | UNKNOWN |
| ubuntu | 12.04 | noarch | file | < 5.09-2ubuntu0.4 | UNKNOWN |
| ubuntu | 13.10 | noarch | file | < 5.11-2ubuntu4.3 | UNKNOWN |
| ubuntu | 14.04 | noarch | file | < 1:5.14-2ubuntu3.1 | UNKNOWN |
| ubuntu | 13.10 | noarch | php5 | < 5.5.3+dfsg-1ubuntu2.6 | UNKNOWN |
| ubuntu | 14.04 | noarch | php5 | < 5.5.9+dfsg-1ubuntu4.3 | UNKNOWN |
Related
debiancve
debiancve
CVE-2014-3479
2014-07-09 11:07:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:18
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
prion
prion
Design/Logic Flaw
2014-07-09 11:07:00
cve
cve
CVE-2014-3479
2014-07-09 11:07:00
nessus
nessus
Mandriva Linux Security Advisory : file (MDVSA-2014:131)
2014-07-10 00:00:00
openSUSE Security Update : php / php5 / php53 (openSUSE-SU-2014:0925-1)
2014-07-24 00:00:00
Oracle Linux 6 : file (ELSA-2014-1606)
2014-10-17 00:00:00
mageia
mageia
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0282)
2022-01-28 00:00:00
PHP Multiple Vulnerabilities - 01 (Jul 2014)
2014-07-18 00:00:00
Oracle: Security Advisory (ELSA-2014-1606)
2015-10-06 00:00:00
debian
debian
[DLA 27-1] file security update
2014-07-31 14:47:17
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
redhat
redhat
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
oraclelinux
oraclelinux
file security and bug fix update
2014-10-15 00:00:00
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
PHP vulnerabilities
2014-07-09 00:00:00
osv
osv
php5 - security update
2014-07-08 00:00:00
file - security update
2014-07-31 00:00:00
file - security update
2014-09-09 00:00:00
centos
centos
file, python security update
2014-10-20 18:08:44
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
f5
f5
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
amazon
amazon
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
[SECURITY] Fedora 19 Update: php-5.5.14-1.fc19
2014-07-08 00:57:33
securityvulns
securityvulns
[USN-2276-1] PHP vulnerabilities
2014-07-14 00:00:00
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
suse
suse
Security update for php53 (important)
2016-06-21 13:08:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.9%
Related for UB:CVE-2014-3479