PT-2014-1305 · Php+5 · Php+5
Remi · Published 2014-06-01 · Updated 2024-06-15 · CVE-2014-0238
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
file-static-5.04 versions 5.04
file-devel-5.04 versions 5.04
file versions prior to 5.04
file-debuginfo-5.04 versions 5.04
file-libs-5.04 versions 5.04
PHP versions prior to 5.4.29 and 5.5.x prior to 5.5.13
Description
The issue concerns multiple vulnerabilities in the file package of various operating systems, including Red Hat Enterprise Linux and Debian GNU/Linux, which can disrupt the availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a vulnerability in the cdf_read_property_info function in the cdf.c component of PHP's Fileinfo allows remote attackers to cause a denial of service via specially crafted CDF files, potentially resulting in an infinite loop or out-of-bounds memory access.
Recommendations
For file-static-5.04 version 5.04, update to a version that contains a fix for this issue.
For file-devel-5.04 version 5.04, update to a version that contains a fix for this issue.
For file versions prior to 5.04, update to version 5.04 or later.
For file-debuginfo-5.04 version 5.04, update to a version that contains a fix for this issue.
For file-libs-5.04 version 5.04, update to a version that contains a fix for this issue.
For PHP versions prior to 5.4.29, update to version 5.4.29 or later.
For PHP versions 5.5.x prior to 5.5.13, update to version 5.5.13 or later.
As a temporary workaround, consider restricting access to the cdf_read_property_info function in PHP until a patch is available.
Fix
DoS
Buffer Overflow
Related Identifiers
Affected Products
CentOS
Debian
PHP
Red Hat
SUSE
Ubuntu