CVE-2014-3587
Last modified
CVE-2014-3587 is a vulnerability of currently unknown severity. Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.. EPSS estimates a 20.24% chance of exploitation in the next 30 days.
Description
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Christos Zoulas | File | <= 5.19 | — |
| Christos Zoulas | File | 5.00 | — |
| Christos Zoulas | File | 5.01 | — |
| Christos Zoulas | File | 5.02 | — |
| Christos Zoulas | File | 5.03 | — |
| Christos Zoulas | File | 5.04 | — |
| Christos Zoulas | File | 5.05 | — |
| Christos Zoulas | File | 5.06 | — |
| Christos Zoulas | File | 5.07 | — |
| Christos Zoulas | File | 5.08 | — |
| Christos Zoulas | File | 5.09 | — |
| Christos Zoulas | File | 5.10 | — |
| Christos Zoulas | File | 5.11 | — |
| Christos Zoulas | File | 5.12 | — |
| Christos Zoulas | File | 5.13 | — |
| Christos Zoulas | File | 5.14 | — |
| Christos Zoulas | File | 5.15 | — |
| Christos Zoulas | File | 5.16 | — |
| Christos Zoulas | File | 5.17 | — |
| Christos Zoulas | File | 5.18 | — |
| Php | Php | <= 5.4.31 | — |
| Php | Php | 5.4.0 | — |
| Php | Php | 5.4.1 | — |
| Php | Php | 5.4.2 | — |
| Php | Php | 5.4.3 | — |
| Php | Php | 5.4.4 | — |
| Php | Php | 5.4.5 | — |
| Php | Php | 5.4.6 | — |
| Php | Php | 5.4.7 | — |
| Php | Php | 5.4.8 | — |
| Php | Php | 5.4.9 | — |
| Php | Php | 5.4.10 | — |
| Php | Php | 5.4.11 | — |
| Php | Php | 5.4.12 | — |
| Php | Php | 5.4.13 | — |
| Php | Php | 5.4.14 | — |
| Php | Php | 5.4.15 | — |
| Php | Php | 5.4.16 | Rc1 |
| Php | Php | 5.4.17 | — |
| Php | Php | 5.4.18 | — |
| Php | Php | 5.4.19 | — |
| Php | Php | 5.4.20 | — |
| Php | Php | 5.4.21 | — |
| Php | Php | 5.4.22 | — |
| Php | Php | 5.4.23 | — |
| Php | Php | 5.4.24 | — |
| Php | Php | 5.4.25 | — |
| Php | Php | 5.4.26 | — |
| Php | Php | 5.4.27 | — |
| Php | Php | 5.4.28 | — |
Showing 50 of 68 affected configurations. See NVD for the full list.
References
- https://bugs.php.net/bug.php?id=67716Patch, Vendor Advisory
- https://bugs.php.net/bug.php?id=67716Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3587?
How severe is CVE-2014-3587?
How do I fix CVE-2014-3587?
Are you affected by CVE-2014-3587?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST