Description
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Power Zoomer Arbitrary File Upload (1.2)
WebLogic CVE-2021-2064 Vulnerability (CVE-2021-2064)
Oracle JRE CVE-2013-5824 Vulnerability (CVE-2013-5824)
WordPress Plugin YITH Advanced Refund System for WooCommerce Security Bypass (1.0.10)
Dolibarr Incorrect Authorization Vulnerability (CVE-2022-0731)