CVE-2014-0237

Name of the Vulnerable Software and Affected Versions file versions prior to 5.04 PHP versions prior to 5.4.29 and 5.5.x prior to 5.5.13 Red Hat Enterprise Linux file-5.04, file-debuginfo-5.04, file-libs-5.04, file-devel-5.04, file-static-5.04

Description The issue concerns multiple vulnerabilities in the file package of Debian GNU/Linux and Red Hat Enterprise Linux, as well as a vulnerability in the cdf unpack summary info function in the cdf.c component of PHP's Fileinfo. These vulnerabilities can lead to a denial of service due to performance degradation, which can be triggered remotely. The vulnerability in PHP's Fileinfo component allows remote attackers to cause a denial of service by triggering many file printf calls, potentially leading to resource exhaustion.

Recommendations For file versions prior to 5.04, update to a version that includes the fix for this issue. For PHP versions prior to 5.4.29, update to version 5.4.29 or later. For PHP versions prior to 5.5.13, update to version 5.5.13 or later. For Red Hat Enterprise Linux, update the file-5.04, file-debuginfo-5.04, file-libs-5.04, file-devel-5.04, and file-static-5.04 packages to versions that include the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable functions or components until a patch is available.