CVE-2014-3587
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
Public Exploits: 2
Exploited in Wild: -
Descriptions
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
SSVC
- Decision: -
Timeline
- 2014-05-14 CVE Reserved
- 2014-08-21 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
References (25)
URL | Tag | Source |
---|---|---|
http://php.net/ChangeLog-5.php | X_refsource_confirm | |
http://secunia.com/advisories/60609 | Third Party Advisory | |
http://secunia.com/advisories/60696 | Third Party Advisory | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/69325 | Vdb Entry | |
https://security-tracker.debian.org/tracker/CVE-2014-3587 | X_refsource_confirm | |
https://support.apple.com/HT204659 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233 | 2024-08-06 | |
https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://bugs.php.net/bug.php?id=67716 | 2018-01-05 |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2014-1326.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2014-1327.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2016-0760.html | 2018-01-05 | |
http://www.debian.org/security/2014/dsa-3008 | 2018-01-05 | |
http://www.debian.org/security/2014/dsa-3021 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2344-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2369-1 | 2018-01-05 | |
https://access.redhat.com/security/cve/CVE-2014-3587 | 2016-05-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1128587 | 2016-05-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Christos Zoulas | File | <= 5.19 | - | Affected |
Christos Zoulas | File | 5.00 | - | Affected |
Christos Zoulas | File | 5.01 | - | Affected |
Christos Zoulas | File | 5.02 | - | Affected |
Christos Zoulas | File | 5.03 | - | Affected |
Christos Zoulas | File | 5.04 | - | Affected |
Christos Zoulas | File | 5.05 | - | Affected |
Christos Zoulas | File | 5.06 | - | Affected |
Christos Zoulas | File | 5.07 | - | Affected |
Christos Zoulas | File | 5.08 | - | Affected |
Christos Zoulas | File | 5.09 | - | Affected |
Christos Zoulas | File | 5.10 | - | Affected |
Christos Zoulas | File | 5.11 | - | Affected |
Christos Zoulas | File | 5.12 | - | Affected |
Christos Zoulas | File | 5.13 | - | Affected |
Christos Zoulas | File | 5.14 | - | Affected |
Christos Zoulas | File | 5.15 | - | Affected |
Christos Zoulas | File | 5.16 | - | Affected |
Christos Zoulas | File | 5.17 | - | Affected |
Christos Zoulas | File | 5.18 | - | Affected |
Php | Php | <= 5.4.31 | - | Affected |
Php | Php | 5.4.0 | - | Affected |
Php | Php | 5.4.0 | beta2 | Affected |
Php | Php | 5.4.0 | beta2, 32-bit | Affected |
Php | Php | 5.4.0 | rc2 | Affected |
Php | Php | 5.4.1 | - | Affected |
Php | Php | 5.4.2 | - | Affected |
Php | Php | 5.4.3 | - | Affected |
Php | Php | 5.4.4 | - | Affected |
Php | Php | 5.4.5 | - | Affected |
Php | Php | 5.4.6 | - | Affected |
Php | Php | 5.4.7 | - | Affected |
Php | Php | 5.4.8 | - | Affected |
Php | Php | 5.4.9 | - | Affected |
Php | Php | 5.4.10 | - | Affected |
Php | Php | 5.4.11 | - | Affected |
Php | Php | 5.4.12 | - | Affected |
Php | Php | 5.4.12 | rc1 | Affected |
Php | Php | 5.4.12 | rc2 | Affected |
Php | Php | 5.4.13 | - | Affected |
Php | Php | 5.4.13 | rc1 | Affected |
Php | Php | 5.4.14 | - | Affected |
Php | Php | 5.4.14 | rc1 | Affected |
Php | Php | 5.4.15 | - | Affected |
Php | Php | 5.4.15 | rc1 | Affected |
Php | Php | 5.4.16 | rc1 | Affected |
Php | Php | 5.4.17 | - | Affected |
Php | Php | 5.4.18 | - | Affected |
Php | Php | 5.4.19 | - | Affected |
Php | Php | 5.4.20 | - | Affected |
Php | Php | 5.4.21 | - | Affected |
Php | Php | 5.4.22 | - | Affected |
Php | Php | 5.4.23 | - | Affected |
Php | Php | 5.4.24 | - | Affected |
Php | Php | 5.4.25 | - | Affected |
Php | Php | 5.4.26 | - | Affected |
Php | Php | 5.4.27 | - | Affected |
Php | Php | 5.4.28 | - | Affected |
Php | Php | 5.4.29 | - | Affected |
Php | Php | 5.4.30 | - | Affected |
Php | Php | 5.5.0 | - | Affected |
Php | Php | 5.5.0 | alpha1 | Affected |
Php | Php | 5.5.0 | alpha2 | Affected |
Php | Php | 5.5.0 | alpha3 | Affected |
Php | Php | 5.5.0 | alpha4 | Affected |
Php | Php | 5.5.0 | alpha5 | Affected |
Php | Php | 5.5.0 | alpha6 | Affected |
Php | Php | 5.5.0 | beta1 | Affected |
Php | Php | 5.5.0 | beta2 | Affected |
Php | Php | 5.5.0 | beta3 | Affected |
Php | Php | 5.5.0 | beta4 | Affected |
Php | Php | 5.5.0 | rc1 | Affected |
Php | Php | 5.5.0 | rc2 | Affected |
Php | Php | 5.5.1 | - | Affected |
Php | Php | 5.5.2 | - | Affected |
Php | Php | 5.5.3 | - | Affected |
Php | Php | 5.5.4 | - | Affected |
Php | Php | 5.5.5 | - | Affected |
Php | Php | 5.5.6 | - | Affected |
Php | Php | 5.5.7 | - | Affected |
Php | Php | 5.5.8 | - | Affected |
Php | Php | 5.5.9 | - | Affected |
Php | Php | 5.5.10 | - | Affected |
Php | Php | 5.5.11 | - | Affected |
Php | Php | 5.5.12 | - | Affected |
Php | Php | 5.5.13 | - | Affected |
Php | Php | 5.5.14 | - | Affected |
Php | Php | 5.5.15 | - | Affected |