PT-2014-1417 · Php+5

Published: 2014-06-01 · Updated: 2025-12-04 · CVE-2014-0207

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

file versions prior to 5.19
PHP versions prior to 5.4.30
PHP 5.5.x versions prior to 5.5.14

Description

The issue allows remote attackers to cause a denial of service, leading to application termination. This can be achieved through specially crafted CDF files, exploiting the cdf_read_short_sector function in cdf.c. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For file versions prior to 5.19, update to version 5.19 or later.
For PHP versions prior to 5.4.30, update to version 5.4.30 or later.
For PHP 5.5.x versions prior to 5.5.14, update to version 5.5.14 or later.
As a temporary workaround, consider restricting access to the cdf_read_short_sector function in cdf.c until a patch is available. Avoid using the cdf.c component with untrusted CDF files until the issue is resolved.

Exploit

Fix

DoS

RCE

Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2015-00372
BDU:2015-01282
CESA-2014_1013
CESA-2015_2155
CVE-2014-0207
DLA-0018-1
DLA-27-1
DSA-2974-1
DSA-3021-1
HPSBUX03102
MGASA-2014-0283
MGASA-2014-0284
RHSA-2014:1013
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014_1013
RHSA-2015:2155
RHSA-2015_2155
SUSE-SU-2014_0938-1
SUSE-SU-2015:0370-1
SUSE-SU-2015:0436-1
SUSE-SU-2015:1018-1
SUSE-SU-2015:1265-1
SUSE-SU-2016:1638-1
USN-2276-1
USN-2278-1

Affected products

Centos
Hp-Ux
Php
Red Hat
Suse
Ubuntu