CVE-2014-0207

Published: Jul 9, 2014Modified: May 6, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

Affected (8)

Products: Christos Zoulas: File · Php: Php · Oracle: Linux · +2 more

Show all products

Christos Zoulas: File · Php: Php · Oracle: Linux · Opensuse: Opensuse · Debian: Debian Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Christos Zoulas File	Before 5.19

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	Before 5.3.29
Php Php	From 5.4.0 to 5.4.30
Php Php	From 5.5.0 to 5.5.14

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (38)

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: secalert@redhat.com

Broken LinkMailing List

http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=141017844705317&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://mx.gw.com/pipermail/file/2014/001553.html

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-1765.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1766.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/59794

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/59831

Source: secalert@redhat.com

Not Applicable

http://support.apple.com/kb/HT6443

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2014/dsa-2974

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2014/dsa-3021

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

Third Party Advisory

http://www.php.net/ChangeLog-5.php

Source: secalert@redhat.com

Release NotesVendor Advisory

http://www.securityfocus.com/bid/68243

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugs.php.net/bug.php?id=67326

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1091842

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391

Source: secalert@redhat.com

PatchThird Party Advisory

https://support.apple.com/HT204659

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html