Description
The cdf_read_property_info function in the file utility before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Remediation
References