Computer Security


PHP/fileinfo/file DoS
Published: 14.06.2014
Source:
SecurityVulns ID: 13826
Type: library
Threat Level: 5/10
Description: Resource exhaustion and infinite loop in CDF file parsing.
Affected: PHP: PHP 5.5
CVE: CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.)
 CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.)
 CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.)
Original document: MANDRIVA, [ MDVSA-2014:116 ] file (14.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod