Description
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Arbitrary File Upload (5.3.1)
Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)
WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6)
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)