CVE-2014-3587

2014-08-2200:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Integer overflow in the cdf_read_property_info function in cdf.c in file
through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and
5.5.x before 5.5.16, allows remote attackers to cause a denial of service
(application crash) via a crafted CDF file. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2012-1571.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfile< 5.03-5ubuntu1.4UNKNOWN
ubuntu12.04noarchfile< 5.09-2ubuntu0.5UNKNOWN
ubuntu14.04noarchfile< 1:5.14-2ubuntu3.2UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.27UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.14UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	file	< 5.03-5ubuntu1.4	UNKNOWN
ubuntu	12.04	noarch	file	< 5.09-2ubuntu0.5	UNKNOWN
ubuntu	14.04	noarch	file	< 1:5.14-2ubuntu3.2	UNKNOWN
ubuntu	10.04	noarch	php5	< 5.3.2-1ubuntu4.27	UNKNOWN
ubuntu	12.04	noarch	php5	< 5.3.10-1ubuntu3.14	UNKNOWN
ubuntu	14.04	noarch	php5	< 5.5.9+dfsg-1ubuntu4.4	UNKNOWN