Description

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Remediation

References

CVE-2014-3480

Related Vulnerabilities

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)

WordPress 2.3.2 Post Edit Unauthorized Access Vulnerability (0.7 - 2.3.2)

Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Arbitrary File Upload (1.28.1)

WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)

Severity

Medium

Classification

CVE-2014-3480 CWE-20

Tags

Missing Update Known Vulnerabilities