Veracode Vulnerability DatabaseVERACODE:11184Denial Of Service
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
PHP is susceptible to denial of service. The vulnerability exists because of the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. An attacker can inject malicious CDF file to crash a PHP.
References
mx.gw.com/pipermail/file/2012/000914.html
www.debian.org/security/2012/dsa-2422
www.mandriva.com/security/advisories?name=MDVSA-2012:035
www.ubuntu.com/usn/USN-2123-1
access.redhat.com/security/updates/classification/#moderate
github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295
github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b
rhn.redhat.com/errata/RHSA-2014-1012.html
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P