CVE-2014-0237

MEDIUM severity · CVSS 5 · CWE-399

5CVSS MEDIUM

Summary

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)26%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (2)

PHP Debian

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlAdvisory
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlAdvisory
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlAdvisory
http://rhn.redhat.com/errata/RHSA-2014-1766.htmlAdvisory
http://secunia.com/advisories/59061Advisory
http://secunia.com/advisories/59329Advisory
http://secunia.com/advisories/59418Advisory
http://secunia.com/advisories/60998Advisory