CVSS2 : 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
- Attack Vector : NETWORK
- Attack Complexity : LOW
- Authentication : NONE
- Confidentiality Impact : NONE
- Integrity Impact : NONE
- Availability Impact : PARTIAL
AI Score : 8 High (Confidence : Low)
EPSS : 0.959 High (Percentile : 99.5%)

Package : php5
Version : 5.3.3-7+squeeze24
CVE ID : CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117
Brief introduction
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (performance
degradation) by triggering many file_printf calls.
CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (infinite loop
or out-of-bounds memory access) via a vector that (1) has zero
length or (2) is too long.
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows
context-dependent attackers to cause a denial of service
(out-of-bounds memory access and crash) via crafted offsets in
the softmagic of a PE executable.
CVE-2014-8117
- Stop reporting bad capabilities after the first few.
- Limit the number of program and section headers, and the number of sections.
- Limit the recursion level.
CVE-2015-TEMP (no official CVE number available yet)
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | php5-curl | < 5.3.3-7+squeeze24 | php5-curl_5.3.3-7+squeeze24_amd64.deb |
Debian | 7 | ia64 | php5-common | < 5.4.4-14+deb7u8 | php5-common_5.4.4-14+deb7u8_ia64.deb |
Debian | 7 | amd64 | php5-enchant | < 5.4.4-14+deb7u8 | php5-enchant_5.4.4-14+deb7u8_amd64.deb |
Debian | 7 | ia64 | php5-enchant | < 5.4.4-14+deb7u8 | php5-enchant_5.4.4-14+deb7u8_ia64.deb |
Debian | 7 | mips | php5-odbc | < 5.4.4-14+deb7u8 | php5-odbc_5.4.4-14+deb7u8_mips.deb |
Debian | 7 | amd64 | php5-xmlrpc | < 5.4.4-14+deb7u8 | php5-xmlrpc_5.4.4-14+deb7u8_amd64.deb |
Debian | 7 | s390x | php5-intl | < 5.4.4-14+deb7u8 | php5-intl_5.4.4-14+deb7u8_s390x.deb |
Debian | 7 | s390x | python-magic | < 5.11-2+deb7u7 | python-magic_5.11-2+deb7u7_s390x.deb |
Debian | 7 | i386 | php5-pspell | < 5.4.4-14+deb7u8 | php5-pspell_5.4.4-14+deb7u8_i386.deb |
Debian | 7 | amd64 | php5-odbc | < 5.4.4-14+deb7u8 | php5-odbc_5.4.4-14+deb7u8_amd64.deb |