WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

Description

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Remediation

References

Related Vulnerabilities

MySQL CVE-2013-2395 Vulnerability (CVE-2013-2395)

WordPress Plugin ULTIMATE VIDEO GALLERY Cross-Site Scripting (1.4)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14)

WordPress Plugin CM Download Manager Cross-Site Scripting (2.7.0)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)

Severity

Medium

Classification

CVE-2014-3487 CWE-20

Tags

Missing Update Known Vulnerabilities