CVSS: 5.0EPSS: 15%CPEs: 79EXPL: 1CVE-2014-3478 – file: mconvert incorrect handling of truncated pascal string size
https://notcve.org/view.php?id=CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. Desbordamiento de buffer en la función mconvert en softmagic.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una cadena Pascal manipulada en una conversión FILE_PSTRING. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://su • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3981
https://notcve.org/view.php?id=CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. acinclude.m4, utilizado en la secuencia de comandos de configuración en PHP 5.5.13 y anteriores, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/phpglibccheck. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://openwall.com/lists/oss-security/2014/06/06/12 http://seclists.org/fulldisclosure/2014/Jun/21 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.oracl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0237 – file: cdf_unpack_summary_info() excessive looping DoS
https://notcve.org/view.php?id=CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. La función cdf_unpack_summary_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) mediante la provocación de muchas llamadas file_printf. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.0EPSS: 10%CPEs: 5EXPL: 0CVE-2014-0238 – file: CDF property info parsing nelements infinite loop
https://notcve.org/view.php?id=CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. La función cdf_read_property_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (bucle infinito o acceso a memoria fuera de rango) a través de un vector que (1) tiene longitud cero o (2) es demasiado largo. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 1%CPEs: 32EXPL: 1CVE-2014-2497 – gd: NULL pointer dereference in gdImageCreateFromXpm()
https://notcve.org/view.php?id=CVE-2014-2497
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. La función gdImageCreateFromXpm en gdxpm.c en libgd, utilizado en PHP 5.4.26 y anteriores, permite a atacantes remotos causar una denegación de servicio (referencia a puntero cero y caída de aplicación) a través de una tabla de color manipulada en un archivo XPM. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. • http://advisories.mageia.org/MGASA-2014-0288.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1326.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://se • CWE-476: NULL Pointer Dereference •