CVE-2014-3587

Advisory lineage Upstream: 0 Downstream: 21
Modified
Published: 23 Aug 2014, 01:00
Last modified:06 Aug 2024, 10:50

Vulnerability Summary

Overall Risk (default)
medium
33/100
CVSS Score
4.3 MEDIUM
v2.0 (nvd)
EPSS Score
30.21% HIGH
30% probability +11.09%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected

Timeline

23 Aug 2014, 01:00
Published
Vulnerability first disclosed
06 Aug 2024, 10:50
Last Modified
Vulnerability information updated

Description

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

CVSS Metrics

  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 30.21% Percentile: 97%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • christos_zoulasfile

    ≤ 5.19 | 5.00 | 5.01 | 5.02 | 5.03 | 5.04 | 5.05 | 5.06 | 5.07 | 5.08 | 5.09 | 5.10 | 5.11 | 5.12 | 5.13 | 5.14 | 5.15 | 5.16 | 5.17 | 5.18

  • UnknownPHP

    ≤ 5.4.31 | 5.4.0 | 5.4.0:beta2 | 5.4.0:rc2 | 5.4.1 | 5.4.2 | 5.4.3 | 5.4.4 | 5.4.5 | 5.4.6 | 5.4.7 | 5.4.8 | 5.4.9 | 5.4.10 | 5.4.11 | 5.4.12 | 5.4.12:rc1 | 5.4.12:rc2 | 5.4.13 | 5.4.13:rc1 | 5.4.14 | 5.4.14:rc1 | 5.4.15 | 5.4.15:rc1 | 5.4.16:rc1 | 5.4.17 | 5.4.18 | 5.4.19 | 5.4.20 | 5.4.21 | 5.4.22 | 5.4.23 | 5.4.24 | 5.4.25 | 5.4.26 | 5.4.27 | 5.4.28 | 5.4.29 | 5.4.30 | 5.5.0 | 5.5.0:alpha1 | 5.5.0:alpha2 | 5.5.0:alpha3 | 5.5.0:alpha4 | 5.5.0:alpha5 | 5.5.0:alpha6 | 5.5.0:beta1 | 5.5.0:beta2 | 5.5.0:beta3 | 5.5.0:beta4 | 5.5.0:rc1 | 5.5.0:rc2 | 5.5.1 | 5.5.2 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6 | 5.5.7 | 5.5.8 | 5.5.9 | 5.5.10 | 5.5.11 | 5.5.12 | 5.5.13 | 5.5.14 | 5.5.15

References (23)