[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3478Date: (C)2014-07-11   (M)2024-02-22


Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-59794
SECUNIA-59831
BID-68239
APPLE-SA-2015-04-08-2
DSA-2974
DSA-3021
RHSA-2014:1327
RHSA-2014:1765
RHSA-2014:1766
SSRT101681
http://mx.gw.com/pipermail/file/2014/001553.html
http://support.apple.com/kb/HT6443
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67410
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
https://support.apple.com/HT204659
openSUSE-SU-2014:1236

CPE    78
cpe:/a:php:php:5.4.23
cpe:/a:php:php:5.4.24
cpe:/a:php:php:5.4.21
cpe:/a:php:php:5.4.22
...
CWE    1
CWE-119
OVAL    22
oval:org.secpod.oval:def:1600160
oval:org.secpod.oval:def:1500734
oval:org.secpod.oval:def:601707
oval:org.secpod.oval:def:52254
...

© SecPod Technologies