Description
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
Remediation
References
Related Vulnerabilities
Oracle JRE Improper Certificate Validation Vulnerability (CVE-2003-1229)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)
Lighttpd Use After Free Vulnerability (CVE-2013-4560)
WordPress Plugin Podlove Podcast Publisher Cross-Site Scripting (3.8.2)
Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-28651)