Description

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

Remediation

References

CVE-2014-0236

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145)

OpenSSL Cryptographic Issues Vulnerability (CVE-2009-2409)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.24)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

WordPress Plugin Migration, Backup, Staging-WPvivid Security Bypass (0.9.35)

Severity

High

Classification

CVE-2014-0236 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities