Vulnerabilities related to christos_zoulas - file
cve-2009-1515
Vulnerability from cvelistv5
Published
2009-05-04 16:12
Modified
2024-08-07 05:13
Summary
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
References
URL | Tags | |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2009:129 | vendor-advisory, x_refsource_MANDRIVA | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603 | x_refsource_MISC | |
http://www.securityfocus.com/bid/34745 | vdb-entry, x_refsource_BID | |
http://mx.gw.com/pipermail/file/2009/000379.html | mailing-list, x_refsource_MLIST | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820 | x_refsource_MISC | |
ftp://ftp.astron.com/pub/file/file-5.01.tar.gz | x_refsource_CONFIRM | |
http://secunia.com/advisories/34881 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/54100 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2009:129", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" }, { "name": "34745", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34745" }, { "name": "[file] 20090501 file 5.01 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2009/000379.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" }, { "name": "34881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34881" }, { "name": "54100", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/54100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2009:129", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" }, { "name": "34745", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34745" }, { "name": "[file] 20090501 file 5.01 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2009/000379.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" }, { "name": "34881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34881" }, { "name": "54100", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/54100" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2009:129", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" }, { "name": "34745", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34745" }, { "name": "[file] 20090501 file 5.01 is now available", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2009/000379.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" }, { "name": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz", "refsource": "CONFIRM", "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" }, { "name": "34881", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34881" }, { "name": "54100", "refsource": "OSVDB", "url": "http://www.osvdb.org/54100" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1515", "datePublished": "2009-05-04T16:12:00", "dateReserved": "2009-05-04T00:00:00", "dateUpdated": "2024-08-07T05:13:25.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3478
Vulnerability from cvelistv5
Published
2014-07-09 10:00
Modified
2024-08-06 10:43
Summary
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "DSA-2974", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "name": "59794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08" }, { "name": "68239", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68239" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], 
"url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=67410" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "59831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59831" }, { "name": "openSUSE-SU-2014:1236", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "DSA-2974", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "name": "59794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08" }, { "name": "68239", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68239" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.php.net/bug.php?id=67410" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "59831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59831" }, { "name": "openSUSE-SU-2014:1236", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3478", "datePublished": "2014-07-09T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0207
Vulnerability from cvelistv5
Published
2014-07-09 10:00
Modified
2024-08-06 09:05
Summary
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "name": "68243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68243" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "DSA-2974", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "name": "59794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=67326" }, { "name": 
"APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "59831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59831" }, { "name": "openSUSE-SU-2014:1236", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "name": "68243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68243" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "DSA-2974", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "name": "59794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.php.net/bug.php?id=67326" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, 
{ "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "59831", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59831" }, { "name": "openSUSE-SU-2014:1236", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0207", "datePublished": "2014-07-09T10:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7345
Vulnerability from cvelistv5
Published
2014-03-23 15:00
Modified
2024-08-06 18:01
Summary
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
References
URL | Tags | |
---|---|---|
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c | x_refsource_CONFIRM | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993 | x_refsource_CONFIRM | |
http://bugs.gw.com/view.php?id=164 | x_refsource_CONFIRM | |
http://support.apple.com/kb/HT6443 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1765.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-2873 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gw.com/view.php?id=164" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "DSA-2873", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gw.com/view.php?id=164" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "DSA-2873", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "name": "http://bugs.gw.com/view.php?id=164", "refsource": "CONFIRM", "url": "http://bugs.gw.com/view.php?id=164" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "DSA-2873", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7345", "datePublished": "2014-03-23T15:00:00", "dateReserved": "2014-03-23T00:00:00", "dateUpdated": "2024-08-06T18:01:20.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3930
Vulnerability from cvelistv5
Published
2009-11-10 19:00
Modified
2024-08-07 06:45
Summary
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
References
URL | Tags | |
---|---|---|
http://mx.gw.com/pipermail/file/2009/000382.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/37074 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[file] 20090504 file-5.02 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2009/000382.html" }, { "name": "37074", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37074" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[file] 20090504 file-5.02 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2009/000382.html" }, { "name": "37074", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37074" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in Christos Zoulas file before 5.02 
allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[file] 20090504 file-5.02 is now available", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2009/000382.html" }, { "name": "37074", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37074" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3930", "datePublished": "2009-11-10T19:00:00", "dateReserved": "2009-11-10T00:00:00", "dateUpdated": "2024-08-07T06:45:50.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1571
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 19:01
Summary
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2012/dsa-2422 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035 | vendor-advisory, x_refsource_MANDRIVA | |
https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b | x_refsource_CONFIRM | |
http://mx.gw.com/pipermail/file/2012/000914.html | mailing-list, x_refsource_MLIST | |
https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2123-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2422", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2422" }, { "name": "MDVSA-2012:035", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" }, { "name": "[file] 20120221 file-5.11 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2012/000914.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" }, { "name": "USN-2123-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2123-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2422", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2422" }, { "name": "MDVSA-2012:035", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" }, { "name": "[file] 20120221 file-5.11 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2012/000914.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" }, { "name": "USN-2123-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2123-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2422", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2422" }, { "name": "MDVSA-2012:035", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" }, { "name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" }, { "name": "[file] 20120221 file-5.11 is now available", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2012/000914.html" }, { "name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" }, { "name": "USN-2123-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2123-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1571", "datePublished": "2012-07-17T21:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3587
Vulnerability from cvelistv5
Published
2014-08-23 01:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2369-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2369-1" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "60609", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60609" }, { "name": "USN-2344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2344-1" }, { "name": "RHSA-2016:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": 
"RHSA-2014:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "69325", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69325" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=67716" }, { "name": "60696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60696" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2369-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2369-1" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "60609", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60609" }, { "name": "USN-2344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2344-1" }, { "name": "RHSA-2016:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "RHSA-2014:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], 
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "69325", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69325" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.php.net/bug.php?id=67716" }, { "name": "60696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60696" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2369-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2369-1" }, { "name": "RHSA-2014:1766", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "60609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60609" }, { "name": "USN-2344-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2344-1" }, { "name": "RHSA-2016:0760", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2014-3587", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" }, { "name": "http://php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-5.php" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "RHSA-2014:1326", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "69325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69325" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" }, { "name": "https://bugs.php.net/bug.php?id=67716", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=67716" }, { "name": "60696", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60696" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3587", "datePublished": "2014-08-23T01:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3538
Vulnerability from cvelistv5
Published
2014-07-03 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:16.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222" }, { "name": "RHSA-2016:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "name": "68348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/06/30/7" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610" }, { "name": "60696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60696" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an 
awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2014:1766", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222" }, { "name": "RHSA-2016:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "name": "68348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://openwall.com/lists/oss-security/2014/06/30/7" }, { "name": "[file] 20140612 file-5.19 is now available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610" }, { "name": "60696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60696" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during 
processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3" }, { "name": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2014:1766", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "name": "DSA-3021", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222" }, { "name": "RHSA-2016:0760", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "name": "68348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68348" }, { "name": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/30/7" }, { "name": "[file] 20140612 file-5.19 is now available", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "DSA-3008", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3008" }, { "name": "RHSA-2014:1327", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610" }, { "name": "60696", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60696" }, { "name": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3538", "datePublished": "2014-07-03T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.893Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2014-0207)
Published
2014-07-09 11:07
Modified
2024-11-21 02:01
Severity: 4.3 (MEDIUM), CVSS v2.0 vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Summary
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE954D26-5D85-426F-ADF5-94177F88C21C", "versionEndExcluding": "5.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "388E0CDF-737F-437E-B4D9-1001E0651387", "versionEndExcluding": "5.3.29", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD052020-AA37-4F49-A0FE-EA99616C12C7", "versionEndExcluding": "5.4.30", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ADC6057-9D35-4D87-B15D-F6F52A283464", "versionEndExcluding": "5.5.14", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via 
a crafted CDF file." }, { "lang": "es", "value": "La funci\u00f3n cdf_read_short_sector en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y cierre de aplicaci\u00f3n) a trav\u00e9s de un fichero CDF manipulado." } ], "id": "CVE-2014-0207", "lastModified": "2024-11-21T02:01:38.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-09T11:07:01.243", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59794" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59831" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6443" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68243" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.php.net/bug.php?id=67326" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT204659" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.php.net/bug.php?id=67326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT204659" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-09 11:07
Modified
2024-11-21 02:08
Severity ?
Summary
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCDEA321-FC13-42AE-9250-0C6055D9B280", "versionEndIncluding": "5.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "F1981126-D773-49B6-BD3D-F17BC37352CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*", "matchCriteriaId": "00EF31A2-E788-4111-8C46-DB6C8F8724C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*", "matchCriteriaId": "1587EAB1-5322-4264-A7E5-D70DA68F6B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DC514A20-168F-4653-8BBA-D068ACA3D2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "DE0F4E1A-EA88-4858-9431-E82B2D415FB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*", "matchCriteriaId": "F7D0625D-452F-4CE1-9A5F-6439AB6DE981", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*", "matchCriteriaId": "ECBFF148-DEAA-4D7C-9CFC-556FEADAB619", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*", "matchCriteriaId": "C99F7C59-F1C5-4202-A86F-90173D0FCF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "D0AA7E7E-60C1-40BD-AD21-5FDD92485FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "CA4DBB2C-5C87-42C8-BA3D-FF852C467013", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "B513E684-36C2-45D7-A166-3B42018AB79C", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA4D40-EE73-4F38-ABA6-3840A67F097F", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "8A647100-18D6-4741-B147-BBA95215BF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "A6A554A0-AA80-419E-AEBD-6E659300316C", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "91B2F536-84E5-44A6-B515-2BD68E9906B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "3814C047-D9FF-44E6-94FE-29B3B0F9F53A", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "B56BEB99-306B-438A-81E4-212AF53D0719", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "1055C4A6-94BE-40CB-BAB4-39C08F5A7F8C", "versionEndIncluding": "5.4.29", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3DBD9E7B-1237-47A8-8A07-5CC5246A9C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F2BB41E-2096-4291-B0ED-06825FDFE8BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "52BA94F7-1AF9-415C-AC21-30BC25C74C5D", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0A739A0-698A-422B-886B-430A79F6E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "086E0D24-A43E-4CEA-9FB0-FE193B88CC31", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EC8D0963-8CA5-4814-9B6D-4E1C3907737B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "77A4B7E0-C872-4E53-AD72-1BB2755E4FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EECCD553-53D5-485E-8C21-E2A5070833B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "95357C79-A754-4E0C-B65B-0FA241962B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "25EAF9A9-F7A1-4AC7-BCFD-769BE0FDB537", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "74EA8037-7C22-48B3-9FA2-4BFFFFD513D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C8D1254E-0C72-4958-BA7F-5B818C3ACB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "92994FFC-F362-48AC-9CA8-8EBCAC880C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "21131DF1-1EE5-4C84-B1E0-FA75BC39B344", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B23F85D-465B-4176-9798-E78AADE421EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADEE52B4-8392-4321-8C00-FABA6270E728", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "57D74F58-DB3A-4A70-93CF-B350DB65EF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAEE86A0-C3FC-446E-8DF0-4FA32F741E1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "90B670B6-A211-40C6-A8A0-1B0188EF891F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "AAAC4776-F3FF-42D8-AC6E-4746987D30BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "41DC16B7-7A45-4BDE-B340-F17D97CA3BDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "0FD7C2E6-9B34-4890-A0D1-39BB8ECA47E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "4F8F72EC-7431-4B36-89EF-E7593ACFBFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "86E9AC84-430D-4FDA-8FFE-B77E17803A11", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "5238A7AE-D3FD-4465-95D7-F9C8787F9463", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "6B877725-43E7-479E-9FA3-6D2FFE89B620", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "AB33BBC0-9D17-4369-A52D-B4B65150380A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "95E112B5-12CC-40D5-AA1E-B5FB1ABC831E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "B078B1E5-14BD-4004-8384-4656E1063EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n mconvert en softmagic.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena Pascal manipulada en una conversi\u00f3n FILE_PSTRING." 
} ], "id": "CVE-2014-3478", "lastModified": "2024-11-21T02:08:11.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-09T11:07:01.587", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59794" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59831" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT6443" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2974" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "secalert@redhat.com", 
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "secalert@redhat.com", "url": "http://www.php.net/ChangeLog-5.php" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/68239" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.php.net/bug.php?id=67410" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08" }, { "source": "secalert@redhat.com", "url": "https://support.apple.com/HT204659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT6443" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.php.net/ChangeLog-5.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.php.net/bug.php?id=67410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT204659" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-04 16:30
Modified
2024-11-21 01:02
Severity ?
Summary
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
christos_zoulas | file | 5.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n cdf_read_sat en src/cdf.c en Christos Zoulas file v5.00, permite a atacantes remotos asistidos por usuarios ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un componente del fichero de documentaci\u00f3n manipulado, como se demuestra por ficheros .msi, .doc o .mpp. NOTA: algunos de estos detalles se han obtenido de terceras partes." 
} ], "id": "CVE-2009-1515", "lastModified": "2024-11-21T01:02:38.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-04T16:30:00.233", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" }, { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" }, { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" }, { "source": "cve@mitre.org", "url": "http://mx.gw.com/pipermail/file/2009/000379.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34881" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/54100" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mx.gw.com/pipermail/file/2009/000379.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/advisories/34881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/54100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34745" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2024-11-21 01:37
Severity ?
Summary
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
christos_zoulas | file | * | |
tim_robbins | libmagic | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D83F9EC-3ED0-45B4-B928-0B664ED4ED46", "versionEndIncluding": "5.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:tim_robbins:libmagic:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D83103B-2316-4943-8082-FC4CDC754256", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference." }, { "lang": "es", "value": "archivo antes de v5.11 y libmagic permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo de documento elaborado compuesto (CDF) que activa (1) una lectura fuera de l\u00edmites o (2) una desreferencia de puntero no v\u00e1lido." 
} ], "id": "CVE-2012-1571", "lastModified": "2024-11-21T01:37:13.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-07-17T21:55:01.413", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://mx.gw.com/pipermail/file/2012/000914.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2422" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2123-1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mx.gw.com/pipermail/file/2012/000914.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2123-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": 
"https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-24 16:31
Modified
2024-11-21 02:00
Severity ?
Summary
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
christos_zoulas | file | * | |
php | php | * | |
php | php | * | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "68332B19-F2A7-4677-A4D4-F2DD319817EC", "versionEndExcluding": "5.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF0A4D68-12AA-43A0-B18C-41D09BE7A4B9", "versionEndExcluding": "5.4.27", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E368DFE-D18B-4B1B-BB33-7C0C41DE6474", "versionEndExcluding": "5.5.11", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." 
}, { "lang": "es", "value": "La expresi\u00f3n regular BEGIN en el detector de script de awk en el archivo magic/Magdir/commands anterior a 5.15 utiliza m\u00faltiples comodines con repeticiones ilimitadas, lo que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un archivo ASCII manipulado que provoca una gran cantidad de retroceso, como se demostr\u00f3 a trav\u00e9s de un archivo con muchos caracteres de nueva l\u00ednea." } ], "id": "CVE-2013-7345", "lastModified": "2024-11-21T02:00:47.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-24T16:31:08.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "http://bugs.gw.com/view.php?id=164" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6443" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2873" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "http://bugs.gw.com/view.php?id=164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-03 14:55
Modified
2024-11-21 02:08
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
christos_zoulas | file | * (<= 5.18) | |
christos_zoulas | file | 5.00 | |
christos_zoulas | file | 5.01 | |
christos_zoulas | file | 5.02 | |
christos_zoulas | file | 5.03 | |
christos_zoulas | file | 5.04 | |
christos_zoulas | file | 5.05 | |
christos_zoulas | file | 5.06 | |
christos_zoulas | file | 5.07 | |
christos_zoulas | file | 5.08 | |
christos_zoulas | file | 5.09 | |
christos_zoulas | file | 5.10 | |
christos_zoulas | file | 5.11 | |
christos_zoulas | file | 5.12 | |
christos_zoulas | file | 5.13 | |
christos_zoulas | file | 5.14 | |
christos_zoulas | file | 5.15 | |
christos_zoulas | file | 5.16 | |
christos_zoulas | file | 5.17 | |
php | php | * (>= 5.4.0, < 5.4.32) | |
php | php | * (>= 5.5.0, < 5.5.16) | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCDEA321-FC13-42AE-9250-0C6055D9B280", "versionEndIncluding": "5.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "F1981126-D773-49B6-BD3D-F17BC37352CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*", "matchCriteriaId": "00EF31A2-E788-4111-8C46-DB6C8F8724C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*", "matchCriteriaId": "1587EAB1-5322-4264-A7E5-D70DA68F6B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DC514A20-168F-4653-8BBA-D068ACA3D2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "DE0F4E1A-EA88-4858-9431-E82B2D415FB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*", "matchCriteriaId": "F7D0625D-452F-4CE1-9A5F-6439AB6DE981", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*", "matchCriteriaId": "ECBFF148-DEAA-4D7C-9CFC-556FEADAB619", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*", "matchCriteriaId": "C99F7C59-F1C5-4202-A86F-90173D0FCF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "D0AA7E7E-60C1-40BD-AD21-5FDD92485FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "CA4DBB2C-5C87-42C8-BA3D-FF852C467013", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "B513E684-36C2-45D7-A166-3B42018AB79C", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA4D40-EE73-4F38-ABA6-3840A67F097F", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "8A647100-18D6-4741-B147-BBA95215BF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "A6A554A0-AA80-419E-AEBD-6E659300316C", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "91B2F536-84E5-44A6-B515-2BD68E9906B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "3814C047-D9FF-44E6-94FE-29B3B0F9F53A", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "B56BEB99-306B-438A-81E4-212AF53D0719", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CA4B7F2-077A-4430-9C97-B9E4D6702A4E", "versionEndExcluding": "5.4.32", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "41894FC6-A57E-40F1-B05F-24E89B1D7810", "versionEndExcluding": "5.5.16", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) 
via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345." }, { "lang": "es", "value": "file anterior a 5.19 no restringe debidamente la cantidad de datos le\u00eddos durante una b\u00fasqueda regex, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un fichero manipulado que provoca un retroceso durante el procesamiento de una norma awk. NOTA: esta vulnerabilidad existe debido a una soluciona incompleta para CVE-2013-7345." } ], "id": "CVE-2014-3538", "lastModified": "2024-11-21T02:08:19.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-03T14:55:07.537", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/06/30/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" 
}, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60696" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68348" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", 
"Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT204659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://mx.gw.com/pipermail/file/2014/001553.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/06/30/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3008" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT204659" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-23 01:55
Modified
2024-11-21 02:08
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3DABBDD-4C90-4328-8AA5-7F0DBC5C5753", "versionEndIncluding": "5.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "F1981126-D773-49B6-BD3D-F17BC37352CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*", "matchCriteriaId": "00EF31A2-E788-4111-8C46-DB6C8F8724C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*", "matchCriteriaId": "1587EAB1-5322-4264-A7E5-D70DA68F6B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "DC514A20-168F-4653-8BBA-D068ACA3D2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "DE0F4E1A-EA88-4858-9431-E82B2D415FB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*", "matchCriteriaId": "F7D0625D-452F-4CE1-9A5F-6439AB6DE981", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*", "matchCriteriaId": "ECBFF148-DEAA-4D7C-9CFC-556FEADAB619", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*", "matchCriteriaId": "C99F7C59-F1C5-4202-A86F-90173D0FCF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "D0AA7E7E-60C1-40BD-AD21-5FDD92485FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "CA4DBB2C-5C87-42C8-BA3D-FF852C467013", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "B513E684-36C2-45D7-A166-3B42018AB79C", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA4D40-EE73-4F38-ABA6-3840A67F097F", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "8A647100-18D6-4741-B147-BBA95215BF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "A6A554A0-AA80-419E-AEBD-6E659300316C", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "91B2F536-84E5-44A6-B515-2BD68E9906B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "3814C047-D9FF-44E6-94FE-29B3B0F9F53A", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "B56BEB99-306B-438A-81E4-212AF53D0719", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.18:*:*:*:*:*:*:*", "matchCriteriaId": "22B4D878-C3F1-43A6-8354-B986AF7538F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AAB5BB1-6118-43E2-AE1E-2E824B79D493", "versionEndIncluding": "5.4.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "2F332C82-FD1F-44BC-9FEB-69A463CF5B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.0:beta2:32-bit:*:*:*:*:*", "matchCriteriaId": "47D6EBD2-7387-4936-B4C9-0D6C83916BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6B052DD4-8A4E-44A0-A4ED-CC9E8757EBC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"29BD13F9-86C8-44C4-A860-9A87870A518E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3DBD9E7B-1237-47A8-8A07-5CC5246A9C5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F2BB41E-2096-4291-B0ED-06825FDFE8BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "52BA94F7-1AF9-415C-AC21-30BC25C74C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0A739A0-698A-422B-886B-430A79F6E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "086E0D24-A43E-4CEA-9FB0-FE193B88CC31", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EC8D0963-8CA5-4814-9B6D-4E1C3907737B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "77A4B7E0-C872-4E53-AD72-1BB2755E4FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EECCD553-53D5-485E-8C21-E2A5070833B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "95357C79-A754-4E0C-B65B-0FA241962B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "25EAF9A9-F7A1-4AC7-BCFD-769BE0FDB537", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "74EA8037-7C22-48B3-9FA2-4BFFFFD513D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C8D1254E-0C72-4958-BA7F-5B818C3ACB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "92994FFC-F362-48AC-9CA8-8EBCAC880C91", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "21131DF1-1EE5-4C84-B1E0-FA75BC39B344", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B23F85D-465B-4176-9798-E78AADE421EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "08A0FB69-9BB2-4CCA-87C5-18368109D6E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADEE52B4-8392-4321-8C00-FABA6270E728", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "57D74F58-DB3A-4A70-93CF-B350DB65EF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "AAEE86A0-C3FC-446E-8DF0-4FA32F741E1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "90B670B6-A211-40C6-A8A0-1B0188EF891F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "AAAC4776-F3FF-42D8-AC6E-4746987D30BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "41DC16B7-7A45-4BDE-B340-F17D97CA3BDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "0FD7C2E6-9B34-4890-A0D1-39BB8ECA47E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "4F8F72EC-7431-4B36-89EF-E7593ACFBFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "86E9AC84-430D-4FDA-8FFE-B77E17803A11", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "5238A7AE-D3FD-4465-95D7-F9C8787F9463", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "6B877725-43E7-479E-9FA3-6D2FFE89B620", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*", "matchCriteriaId": 
"AB33BBC0-9D17-4369-A52D-B4B65150380A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "95E112B5-12CC-40D5-AA1E-B5FB1ABC831E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "B078B1E5-14BD-4004-8384-4656E1063EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "27BB02F3-99A1-428C-A3C9-614B1277C88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "42873F3E-55BA-4CF3-BA13-13E49E59C363", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F", "vulnerable": true }, { "criteria": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "840EE3AC-5293-4F33-9E2C-96A0A2534B02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n cdf_read_property_info en cdf.c en ficheros hasta 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.32 y 5.5.x anterior a 5.5.16, permite a atacantes remotos causar una denegaci\u00f3n de servicios (la ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero CDF manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2012-1571." 
} ], "id": "CVE-2014-3587", "lastModified": "2024-11-21T02:08:27.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-23T01:55:01.977", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://php.net/ChangeLog-5.php" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60609" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60696" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3008" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": 
"secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/69325" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2344-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2369-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bugs.php.net/bug.php?id=67716" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" }, { "source": "secalert@redhat.com", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" }, { "source": "secalert@redhat.com", "url": "https://support.apple.com/HT204659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://php.net/ChangeLog-5.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/60609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2344-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2369-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bugs.php.net/bug.php?id=67716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT204659" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-10 19:30
Modified
2024-11-21 01:08
Summary
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
christos_zoulas | file | * | |
christos_zoulas | file | 3.30 | |
christos_zoulas | file | 3.31 | |
christos_zoulas | file | 3.32 | |
christos_zoulas | file | 3.33 | |
christos_zoulas | file | 3.34 | |
christos_zoulas | file | 3.36 | |
christos_zoulas | file | 3.37 | |
christos_zoulas | file | 3.38 | |
christos_zoulas | file | 3.39 | |
christos_zoulas | file | 3.40 | |
christos_zoulas | file | 3.41 | |
christos_zoulas | file | 4.01 | |
christos_zoulas | file | 4.02 | |
christos_zoulas | file | 4.03 | |
christos_zoulas | file | 4.04 | |
christos_zoulas | file | 4.06 | |
christos_zoulas | file | 4.07 | |
christos_zoulas | file | 4.08 | |
christos_zoulas | file | 4.09 | |
christos_zoulas | file | 4.11 | |
christos_zoulas | file | 4.12 | |
christos_zoulas | file | 4.13 | |
christos_zoulas | file | 4.14 | |
christos_zoulas | file | 4.15 | |
christos_zoulas | file | 4.16 | |
christos_zoulas | file | 4.17 | |
christos_zoulas | file | 4.19 | |
christos_zoulas | file | 4.20 | |
christos_zoulas | file | 4.21 | |
christos_zoulas | file | 4.23 | |
christos_zoulas | file | 4.24 | |
christos_zoulas | file | 4.25 | |
christos_zoulas | file | 4.26 | |
christos_zoulas | file | 5.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FC99B1-2B8B-4D1A-9862-88C7A11F5012", "versionEndIncluding": "5.01", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.30:*:*:*:*:*:*:*", "matchCriteriaId": "54717F95-DCD4-4AA0-989B-A72545496314", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.31:*:*:*:*:*:*:*", "matchCriteriaId": "83AA36FC-A47F-45AA-8754-E975BF5C75C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.32:*:*:*:*:*:*:*", "matchCriteriaId": "A7DE688C-1F8F-4769-B041-3692CB8447F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.33:*:*:*:*:*:*:*", "matchCriteriaId": "6BA3C5EE-F2F4-4906-A9CA-4D7D7CA5E2AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.34:*:*:*:*:*:*:*", "matchCriteriaId": "5EA857D0-9938-4109-8057-06E9EDFDC0A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.36:*:*:*:*:*:*:*", "matchCriteriaId": "172DF2EE-C32A-42FE-BEDD-0DE98A00218D", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.37:*:*:*:*:*:*:*", "matchCriteriaId": "483B2F0D-0246-42EE-9E59-AA301C6761A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.38:*:*:*:*:*:*:*", "matchCriteriaId": "1C168BDF-B1DB-4948-BD33-0CD584F8DD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.39:*:*:*:*:*:*:*", "matchCriteriaId": "140B2E4F-ACD7-473F-A6D6-207F23128C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.40:*:*:*:*:*:*:*", "matchCriteriaId": "354A89D8-6C36-4EF7-B5BE-8D2179E96788", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:3.41:*:*:*:*:*:*:*", "matchCriteriaId": "045C73F3-864C-4FFB-9E51-DE9CCA3C8D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "92CA097D-A58D-4EA9-BC52-7014D464F087", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.02:*:*:*:*:*:*:*", "matchCriteriaId": "D01BCBD5-EDD3-4FB6-AEF5-55DD4B0397A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.03:*:*:*:*:*:*:*", "matchCriteriaId": "DCE8DA90-3E99-4F94-890F-EA09CA39826A", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.04:*:*:*:*:*:*:*", "matchCriteriaId": "02BD52B1-FDB6-4640-AB27-A3A75C74BB4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.06:*:*:*:*:*:*:*", "matchCriteriaId": "8D839F4E-4DE8-4101-9EAA-B8930AABF48C", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.07:*:*:*:*:*:*:*", "matchCriteriaId": "24E893D9-89C6-4230-BF26-5430A8E83A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.08:*:*:*:*:*:*:*", "matchCriteriaId": "CE7CB9E5-4E6C-4D79-B9ED-E60B7D45FC5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.09:*:*:*:*:*:*:*", "matchCriteriaId": "3E788A36-73FF-4DE7-BA18-66C6ECA9911F", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "188DA67D-E441-4BCF-9BCF-BF02F501AE32", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "56463FD8-B9D5-467D-BFEA-81B92C086B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "DC7752D6-36CD-4121-9F89-CFABB0C55D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "A1CAF79C-8839-489D-A2B3-ECB97A48B6E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.15:*:*:*:*:*:*:*", "matchCriteriaId": "602676CC-21E6-4826-9A00-C56A6A655587", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.16:*:*:*:*:*:*:*", "matchCriteriaId": "D4D3F0C9-6573-4871-83BB-19E5AE8EEFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.17:*:*:*:*:*:*:*", 
"matchCriteriaId": "2F4D59F2-FD8B-472E-9A01-F1950619DA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.19:*:*:*:*:*:*:*", "matchCriteriaId": "289D758F-8662-49F3-B532-A00AD29D9867", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.20:*:*:*:*:*:*:*", "matchCriteriaId": "D2BB0AD8-68BA-4DFB-A911-6DDE25823640", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.21:*:*:*:*:*:*:*", "matchCriteriaId": "B534C755-B24A-4A7A-B60E-255F2B0E4880", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.23:*:*:*:*:*:*:*", "matchCriteriaId": "4BCE9B1F-7793-4B3B-9CED-DC5296A33EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.24:*:*:*:*:*:*:*", "matchCriteriaId": "45027274-FB37-4F06-A9A0-C2D288E1E6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.25:*:*:*:*:*:*:*", "matchCriteriaId": "DC84FE48-475F-4573-9BF2-8C62C2743C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:4.26:*:*:*:*:*:*:*", "matchCriteriaId": "EF4822A6-7715-4A10-9463-79F5537CE5EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en Christos Zoulas file anterior a v5.02 permiten a atacantes remotos asistidos por usuarios tener un impacto no especificado a trav\u00e9s de un archivo de documento compuesto (tambi\u00e9n conocido como cdf) malformado que provoca un desbordamiento de b\u00fafer." 
} ], "id": "CVE-2009-3930", "lastModified": "2024-11-21T01:08:32.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-10T19:30:01.687", "references": [ { "source": "cve@mitre.org", "url": "http://mx.gw.com/pipermail/file/2009/000382.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mx.gw.com/pipermail/file/2009/000382.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37074" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }