PT-2014-1422 · File+7
Francisco Alonso +1 · Published 2014-06-01 · Updated 2023-05-26 · CVE-2014-3479
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

file versions prior to 5.19
PHP versions prior to 5.4.30 and 5.5.x prior to 5.5.14

Description

The issue exists in the cdf_check_stream_offset function due to the use of incorrect sector-size data. This allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. Multiple vulnerabilities in the file package can lead to disruption of protected information and can be exploited remotely.

Recommendations

For file versions prior to 5.19, update to version 5.19 or later. For PHP versions prior to 5.4.30, update to version 5.4.30 or later. For PHP versions 5.5.x prior to 5.5.14, update to version 5.5.14 or later. As a temporary workaround, consider restricting access to CDF files until a patch is available.
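
A version check for the affected ranges listed above, as an added example that is not part of the original advisory; the function names and the sample inventory are constructed for illustration. It is branch-aware because PHP 5.5.0 through 5.5.13 are affected even though they sort after the fixed 5.4.30.

```python
import re

# Fixed versions as stated in the advisory text above.
FILE_FIXED = (5, 19)
PHP_54_FIXED = (5, 4, 30)
PHP_55_FIXED = (5, 5, 14)

_VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text):
    """Return the first dotted version number in text as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def file_is_affected(version_text):
    """file: every release before 5.19 is listed as affected."""
    return parse_version(version_text)[:2] < FILE_FIXED


def php_is_affected(version_text):
    """PHP: before 5.4.30, or on the 5.5 branch before 5.5.14."""
    v = parse_version(version_text)[:3]
    v += (0,) * (3 - len(v))  # treat "5.5" as 5.5.0
    return v < PHP_54_FIXED or (5, 5, 0) <= v < PHP_55_FIXED


# Constructed sample inventory (not real hosts): name, first line of
# `file --version`, first line of `php -v`.
SAMPLE_INVENTORY = [
    ("web-01", "file-5.18", "PHP 5.5.13 (cli)"),
    ("web-02", "file-5.19", "PHP 5.4.30 (cli)"),
    ("web-03", "file-5.11", "PHP 5.5.14 (cli)"),
]


def audit(inventory):
    """Return {host: [affected components]} for hosts that need an update."""
    findings = {}
    for host, file_ver, php_ver in inventory:
        hit = [name for name, bad in (("file", file_is_affected(file_ver)),
                                      ("php", php_is_affected(php_ver))) if bad]
        if hit:
            findings[host] = hit
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Distribution packages often backport the fix without changing the upstream version number, so on those systems confirm against the vendor advisory (for example the RHSA, DSA or USN entries under Related Identifiers) rather than the version string alone.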

Exploit

Fix


Weakness Enumeration

Related Identifiers

ALT-PU-2021-2505
ALT-PU-2023-1892
BDU:2015-00377
BDU:2015-01282
BDU:2015-06092
BDU:2015-06093
BDU:2015-06094
BDU:2015-06095
BDU:2015-06096
CESA-2014_1012
CESA-2014_1013
CESA-2014_1606
CESA-2015_2155
CVE-2014-3479
DLA-27-1
DSA-2974-1
DSA-3021-1
HPSBUX03102
MGASA-2014-0282
MGASA-2014-0283
MGASA-2014-0284
RHSA-2014:1012
RHSA-2014:1013
RHSA-2014:1606
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014_1012
RHSA-2014_1013
RHSA-2014_1606
RHSA-2015:2155
RHSA-2015_2155
SUSE-SU-2015:0370-1
SUSE-SU-2015:0436-1
SUSE-SU-2015:1018-1
SUSE-SU-2015:1265-1
SUSE-SU-2016:1638-1
USN-2276-1
USN-2278-1

Affected Products

ALT Linux
CentOS
HP-UX
PHP
Red Hat
SUSE
Ubuntu
File