CVE-2014-3479

Description

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVSS Metrics

• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 5.92%• Percentile: 91%

Affected Systems

• debian•debian_linux

  7.0 | 8.0

• file_project•file

  < 5.19

• opensuse•opensuse

  11.4

• oracle•linux

  7

• Unknown•PHP

  < 5.3.29 | ≥ 5.4.0, < 5.4.30 | ≥ 5.5.0, < 5.5.14

References (18)

• https://support.apple.com/HT204659
• https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
• http://rhn.redhat.com/errata/RHSA-2014-1766.html
• http://www.debian.org/security/2014/dsa-3021
• http://marc.info/?l=bugtraq&m=141017844705317&w=2
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.debian.org/security/2014/dsa-2974
• http://secunia.com/advisories/59794
• http://www.php.net/ChangeLog-5.php
• http://mx.gw.com/pipermail/file/2014/001553.html
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://support.apple.com/kb/HT6443
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• http://rhn.redhat.com/errata/RHSA-2014-1765.html
• https://bugs.php.net/bug.php?id=67411
• http://www.securityfocus.com/bid/68241
• http://secunia.com/advisories/59831
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html