CVE-2014-3587

Published: Aug 23, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

Affected (88)

Products: Christos Zoulas: File · Php: Php

Christos Zoulas

1 product

1 product

Configuration A

88 vulnerable

Vulnerable Software	Affected Versions
Christos Zoulas File	Up to 5.19
Christos Zoulas File	Version 5.00
Christos Zoulas File	Version 5.01
Christos Zoulas File	Version 5.02
Christos Zoulas File	Version 5.03
Christos Zoulas File	Version 5.04
Christos Zoulas File	Version 5.05
Christos Zoulas File	Version 5.06
Christos Zoulas File	Version 5.07
Christos Zoulas File	Version 5.08
Christos Zoulas File	Version 5.09
Christos Zoulas File	Version 5.10
Christos Zoulas File	Version 5.11
Christos Zoulas File	Version 5.12
Christos Zoulas File	Version 5.13
Christos Zoulas File	Version 5.14
Christos Zoulas File	Version 5.15
Christos Zoulas File	Version 5.16
Christos Zoulas File	Version 5.17
Christos Zoulas File	Version 5.18
Php Php	Up to 5.4.31
Php Php	Version 5.4.0
Php Php	Version 5.4.0 beta2
Php Php	Version 5.4.0 beta2
Php Php	Version 5.4.0 rc2
Php Php	Version 5.4.10
Php Php	Version 5.4.11
Php Php	Version 5.4.12
Php Php	Version 5.4.12 rc1
Php Php	Version 5.4.12 rc2
Php Php	Version 5.4.13
Php Php	Version 5.4.13 rc1
Php Php	Version 5.4.14
Php Php	Version 5.4.14 rc1
Php Php	Version 5.4.15
Php Php	Version 5.4.15 rc1
Php Php	Version 5.4.16 rc1
Php Php	Version 5.4.17
Php Php	Version 5.4.18
Php Php	Version 5.4.19
Php Php	Version 5.4.1
Php Php	Version 5.4.20
Php Php	Version 5.4.21
Php Php	Version 5.4.22
Php Php	Version 5.4.23
Php Php	Version 5.4.24
Php Php	Version 5.4.25
Php Php	Version 5.4.26
Php Php	Version 5.4.27
Php Php	Version 5.4.28
Php Php	Version 5.4.29
Php Php	Version 5.4.2
Php Php	Version 5.4.30
Php Php	Version 5.4.3
Php Php	Version 5.4.4
Php Php	Version 5.4.5
Php Php	Version 5.4.6
Php Php	Version 5.4.7
Php Php	Version 5.4.8
Php Php	Version 5.4.9
Php Php	Version 5.5.0
Php Php	Version 5.5.0 alpha1
Php Php	Version 5.5.0 alpha2
Php Php	Version 5.5.0 alpha3
Php Php	Version 5.5.0 alpha4
Php Php	Version 5.5.0 alpha5
Php Php	Version 5.5.0 alpha6
Php Php	Version 5.5.0 beta1
Php Php	Version 5.5.0 beta2
Php Php	Version 5.5.0 beta3
Php Php	Version 5.5.0 beta4
Php Php	Version 5.5.0 rc1
Php Php	Version 5.5.0 rc2
Php Php	Version 5.5.10
Php Php	Version 5.5.11
Php Php	Version 5.5.12
Php Php	Version 5.5.13
Php Php	Version 5.5.14
Php Php	Version 5.5.15
Php Php	Version 5.5.1
Php Php	Version 5.5.2
Php Php	Version 5.5.3
Php Php	Version 5.5.4
Php Php	Version 5.5.5
Php Php	Version 5.5.6
Php Php	Version 5.5.7
Php Php	Version 5.5.8
Php Php	Version 5.5.9

Related CWEs

References (46)

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: secalert@redhat.com

http://php.net/ChangeLog-5.php

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1326.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1327.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1765.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1766.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0760.html

Source: secalert@redhat.com

http://secunia.com/advisories/60609

Source: secalert@redhat.com

http://secunia.com/advisories/60696

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3008

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3021

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/69325

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2344-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2369-1

Source: secalert@redhat.com

https://bugs.php.net/bug.php?id=67716

Source: secalert@redhat.com

PatchVendor Advisory

https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233

Source: secalert@redhat.com

ExploitPatch

https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947

Source: secalert@redhat.com

ExploitPatch

https://security-tracker.debian.org/tracker/CVE-2014-3587

Source: secalert@redhat.com

https://support.apple.com/HT204659

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1326.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1327.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1765.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1766.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0760.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60609

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60696

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3008

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3021

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69325

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2344-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2369-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=67716

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://security-tracker.debian.org/tracker/CVE-2014-3587

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT204659

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.