CVE-2014-0238

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugs.php.net/bug.php?id=67327	Patch Vendor Advisory
http://www.php.net/ChangeLog-5.php	Vendor Advisory
https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0	Patch
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-3021
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/67765
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://secunia.com/advisories/60998
http://secunia.com/advisories/59418
http://secunia.com/advisories/59329
http://secunia.com/advisories/59061

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:5.5.12:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha2::::::
	cpe:2.3:a:php:php:5.5.0:alpha3::::::
	cpe:2.3:a:php:php:5.5.9:::::::*
	cpe:2.3:a:php:php:5.5.8:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha6::::::
	cpe:2.3:a:php:php:5.5.7:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha1::::::
	cpe:2.3:a:php:php:5.5.0:beta3::::::
	cpe:2.3:a:php:php:5.5.0:beta4::::::
	cpe:2.3:a:php:php:5.5.5:::::::*
	cpe:2.3:a:php:php:5.5.6:::::::*
	cpe:2.3:a:php:php:5.4.4:::::::*
	cpe:2.3:a:php:php:5.4.3:::::::*
	cpe:2.3:a:php:php:5.4.2:::::::*
	cpe:2.3:a:php:php:5.4.19:::::::*
	cpe:2.3:a:php:php:5.4.13:rc1::::::
	cpe:2.3:a:php:php:5.4.13:::::::*
	cpe:2.3:a:php:php:5.4.0:::::::*
	cpe:2.3:a:php:php:5.3.9:::::::*
	cpe:2.3:a:php:php:5.3.26:::::::*
	cpe:2.3:a:php:php:5.3.25:::::::*
	cpe:2.3:a:php:php:5.3.19:::::::*
	cpe:2.3:a:php:php:5.3.18:::::::*
	cpe:2.3:a:php:php:5.3.11:::::::*
	cpe:2.3:a:php:php:5.3.10:::::::*
	cpe:2.3:a:php:php:5.2.4:::::::*
	cpe:2.3:a:php:php:5.2.3:::::::*
	cpe:2.3:a:php:php:5.2.12:::::::*
	cpe:2.3:a:php:php:5.2.11:::::::*
	cpe:2.3:a:php:php:5.1.3:::::::*
	cpe:2.3:a:php:php:5.1.2:::::::*
	cpe:2.3:a:php:php:5.1.1:::::::*
	cpe:2.3:a:php:php:5.0.0:rc3::::::
	cpe:2.3:a:php:php:5.0.0:rc2::::::
	cpe:2.3:a:php:php:5.5.0:rc1::::::
	cpe:2.3:a:php:php:5.5.0:rc2::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.4.9:::::::*
	cpe:2.3:a:php:php:5.4.26:::::::*
	cpe:2.3:a:php:php:5.4.25:::::::*
	cpe:2.3:a:php:php:5.4.18:::::::*
	cpe:2.3:a:php:php:5.4.17:::::::*
	cpe:2.3:a:php:php:5.4.12:rc2::::::
	cpe:2.3:a:php:php:5.4.12:rc1::::::
	cpe:2.3:a:php:php:5.3.8:::::::*
	cpe:2.3:a:php:php:5.3.7:::::::*
	cpe:2.3:a:php:php:5.3.24:::::::*
	cpe:2.3:a:php:php:5.3.23:::::::*
	cpe:2.3:a:php:php:5.3.17:::::::*
	cpe:2.3:a:php:php:5.3.16:::::::*
	cpe:2.3:a:php:php:5.3.1:::::::*
	cpe:2.3:a:php:php:5.3.0:::::::*
	cpe:2.3:a:php:php:5.2.9:::::::*
	cpe:2.3:a:php:php:5.2.2:::::::*
	cpe:2.3:a:php:php:5.2.17:::::::*
	cpe:2.3:a:php:php:5.2.10:::::::*
	cpe:2.3:a:php:php:5.2.1:::::::*
	cpe:2.3:a:php:php:5.1.0:::::::*
	cpe:2.3:a:php:php:5.0.5:::::::*
	cpe:2.3:a:php:php:5.0.0:rc1::::::
	cpe:2.3:a:php:php:5.0.0:beta4::::::
	cpe:2.3:a:php:php:5.5.0:beta1::::::
	cpe:2.3:a:php:php:5.5.0:beta2::::::
cpe:2.3:a:php:php:5.5.3:::::::*
cpe:2.3:a:php:php:5.5.4:::::::*
cpe:2.3:a:php:php:5.4.6:::::::*
cpe:2.3:a:php:php:5.4.5:::::::*
cpe:2.3:a:php:php:5.4.22:::::::*
cpe:2.3:a:php:php:5.4.21:::::::*
cpe:2.3:a:php:php:5.4.20:::::::*
cpe:2.3:a:php:php:5.4.14:rc1::::::
cpe:2.3:a:php:php:5.4.14:::::::*
cpe:2.3:a:php:php:5.4.10:::::::*
cpe:2.3:a:php:php:5.4.1:::::::*
cpe:2.3:a:php:php:5.3.3:::::::*
cpe:2.3:a:php:php:5.3.27:::::::*
cpe:2.3:a:php:php:5.3.20:::::::*
cpe:2.3:a:php:php:5.3.2:::::::*
cpe:2.3:a:php:php:5.3.13:::::::*
cpe:2.3:a:php:php:5.3.12:::::::*
cpe:2.3:a:php:php:5.2.6:::::::*
cpe:2.3:a:php:php:5.2.5:::::::*
cpe:2.3:a:php:php:5.2.14:::::::*
cpe:2.3:a:php:php:5.2.13:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.0:beta1::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.5.11:::::::*
cpe:2.3:a:php:php:5.5.10:::::::*
cpe:2.3:a:php:php:5.5.0:alpha4::::::
cpe:2.3:a:php:php:5.5.0:alpha5::::::
cpe:2.3:a:php:php:5.5.1:::::::*
cpe:2.3:a:php:php:5.5.2:::::::*
cpe:2.3:a:php:php:5.4.8:::::::*
cpe:2.3:a:php:php:5.4.7:::::::*
cpe:2.3:a:php:php:5.4.24:::::::*
cpe:2.3:a:php:php:5.4.23:::::::*
cpe:2.3:a:php:php:5.4.16:rc1::::::
cpe:2.3:a:php:php:5.4.15:rc1::::::
cpe:2.3:a:php:php:5.4.12:::::::*
cpe:2.3:a:php:php:5.4.11:::::::*
cpe:2.3:a:php:php:5.3.6:::::::*
cpe:2.3:a:php:php:5.3.5:::::::*
cpe:2.3:a:php:php:5.3.4:::::::*
cpe:2.3:a:php:php:5.3.22:::::::*
cpe:2.3:a:php:php:5.3.21:::::::*
cpe:2.3:a:php:php:5.3.15:::::::*
cpe:2.3:a:php:php:5.3.14:::::::*
cpe:2.3:a:php:php:5.2.8:::::::*
cpe:2.3:a:php:php:5.2.7:::::::*
cpe:2.3:a:php:php:5.2.16:::::::*
cpe:2.3:a:php:php:5.2.15:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.0:beta3::::::
cpe:2.3:a:php:php:5.0.0:beta2::::::

Information

Published : 2014-06-01 04:29

Updated : 2017-01-07 02:59

NVD link : CVE-2014-0238

Mitre link : CVE-2014-0238

JSON object : View

Products Affected

php

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10