MGASA-2014-0282

Advisory lineage Upstream: 4 Downstream: 0
Published: 04 Jul 2014, 18:26
Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Jul 2014, 18:26
Published
Vulnerability first disclosed
16 Apr 2026, 06:22
Last Modified
Vulnerability information updated

Description

Updated file packages fix security vulnerabilities A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, CVE-2014-0207, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time.

Affected Systems

  • mageiafile

    < 5.12-8.5.mga3

  • mageiafile

    < 5.16-1.4.mga4

References (3)