Description

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Remediation

References

CVE-2014-3480

Related Vulnerabilities

WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035)

WordPress Plugin Let Them Unsubscribe Multiple Unspecified Vulnerabilities (1.0)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)

WordPress Plugin WordPress Firewall 2 Multiple Vulnerabilities (1.3)

Severity

Medium

Classification

CVE-2014-3480 CWE-20

Tags

Missing Update Known Vulnerabilities