CVE-2014-0207
file: cdf_read_short_sector insufficient boundary check
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
La función cdf_read_short_sector en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de aplicación) a través de un fichero CDF manipulado.
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query. A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size. Multiple flaws were found in the way file parsed property information from Composite Document Files files, due to insufficient boundary checks on buffers. PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.5.14, which fix this issue and several other bugs. The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.5 version.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-07-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://mx.gw.com/pipermail/file/2014/001553.html | Broken Link | |
| http://secunia.com/advisories/59794 | Not Applicable | |
| http://secunia.com/advisories/59831 | Not Applicable | |
| http://support.apple.com/kb/HT6443 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/68243 | Third Party Advisory | |
| https://support.apple.com/HT204659 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=67326 | 2022-09-28 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1091842 | 2015-11-19 | |
| https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391 | 2022-09-28 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | 2022-09-28 | |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html | 2022-09-28 | |
| http://marc.info/?l=bugtraq&m=141017844705317&w=2 | 2022-09-28 | |
| http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2022-09-28 | |
| http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2022-09-28 | |
| http://www.debian.org/security/2014/dsa-2974 | 2022-09-28 | |
| http://www.debian.org/security/2014/dsa-3021 | 2022-09-28 | |
| http://www.php.net/ChangeLog-5.php | 2022-09-28 | |
| https://access.redhat.com/security/cve/CVE-2014-0207 | 2015-11-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Christos Zoulas Search vendor "Christos Zoulas" | File Search vendor "Christos Zoulas" for product "File" | < 5.19 Search vendor "Christos Zoulas" for product "File" and version " < 5.19" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | < 5.3.29 Search vendor "Php" for product "Php" and version " < 5.3.29" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.4.0 < 5.4.30 Search vendor "Php" for product "Php" and version " >= 5.4.0 < 5.4.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.5.0 < 5.5.14 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.14" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||