Description

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

Remediation

References

CVE-2014-3479

Related Vulnerabilities

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0.1)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.6)

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2178)

MySQL CVE-2018-2780 Vulnerability (CVE-2018-2780)

Severity

Medium

Classification

CVE-2014-3479

Tags

Missing Update Known Vulnerabilities