Description

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

Remediation

References

CVE-2014-0238

Related Vulnerabilities

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19216)

WordPress Plugin Solve Media CAPTCHA Cross-Site Request Forgery (1.1.0)

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (2.1.2)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.29)

Severity

Medium

Classification

CVE-2014-0238 CWE-119

Tags

Missing Update Known Vulnerabilities