CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-0207 – file: cdf_read_short_sector insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-0207
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. La función cdf_read_short_sector en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de aplicación) a través de un fichero CDF manipulado. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://support.apple.com/kb/HT6443 http://www.debian.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 15%CPEs: 79EXPL: 1CVE-2014-3478 – file: mconvert incorrect handling of truncated pascal string size
https://notcve.org/view.php?id=CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. Desbordamiento de buffer en la función mconvert en softmagic.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una cadena Pascal manipulada en una conversión FILE_PSTRING. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://su • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-3480 – file: cdf_count_chain insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3480
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_count_chain function en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente datos de la cuenta de sectores, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un fichero CDF manipulado. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://support.apple.com/kb/HT6443 http://www.debian.org/ •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2014-3487 – file: cdf_read_property_info insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3487
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_read_property_info en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente un desplazamiento de flujo, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un fichero CDF manipulado. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://support.apple.com/kb/HT6443 http://www.debian.org/ • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 1CVE-2014-4721 – php: type confusion issue in phpinfo() leading to information leak
https://notcve.org/view.php?id=CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. La implementación phpinfo en ext/standard/info.c en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14 no asegura el uso del tipo de datos de cadenas para las variables PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER y PHP_SELF, lo que podría permitir a atacantes dependientes de contexto obtener información sensible de la memoria de proceso mediante el uso de el tipo de datos de enteros con valores manipulados, relacionado con una vulnerabilidad de 'confusión de tipo', tal y como fue demostrado mediante la lectura de una clave SSL privada en un entorno de alojamiento web de Apache HTTP Server con mod_ssl y un 5.3.x mod_php de PHP. A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. • http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/54553 http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://twitter.com/mikispag/statuses/485713462258302976 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.debian.org/security/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •