PT-2016-3483 · Php · Fileinfo+1
Published 2016-05-16 · Updated 2023-02-13 · CVE-2014-0236
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Fileinfo component in PHP versions prior to 5.6.0
file versions prior to 5.18
Description
The issue allows remote attackers to cause a denial of service: a CDF file with a zero root storage value triggers a NULL pointer dereference and crashes the application. The flaw is related to the cdf.c and readcdf.c files.
Recommendations
For file versions prior to 5.18, consider updating to version 5.18 or later to resolve the issue.
For the Fileinfo component in PHP versions prior to 5.6.0, update to PHP version 5.6.0 or later to fix the problem.
Fix
Related Identifiers
Affected Products
Fileinfo
Php