Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

OSVersionArchitecturePackageVersionFilename
Debian12allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian11allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian999allfile< 1:5.19-2file_1:5.19-2_all.deb
Debian13allfile< 1:5.19-2file_1:5.19-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	11	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	999	all	file	< 1:5.19-2	file_1:5.19-2_all.deb
Debian	13	all	file	< 1:5.19-2	file_1:5.19-2_all.deb

prion 2

amazon 2

nessus 58

cvelist 2

cve 2

securityvulns 6

ubuntucve 2

nvd 2

openvas 51

fedora 5

mageia 2

veracode 5

checkpoint_advisories 2

debian 9

f5 2

gentoo 1

debiancve 1

ubuntu 3

centos 6

redhat 8

kitploit 1

osv 4

oraclelinux 7

freebsd_advisory 1

freebsd 1

slackware 1

ibm 5

suse 3

rosalinux 1

oracle 1

prion

Integer overflow

2014-08-23 01:55:00

Out-of-bounds

2012-07-17 21:55:00

amazon

Medium: file

2014-09-03 14:38:00

Medium: php55

2014-09-18 21:03:00

nessus

Fedora 20 : file-5.19-4.fc20 (2014-9712)

2014-08-25 00:00:00

Amazon Linux AMI : file (ALAS-2014-398)

2014-10-12 00:00:00

Amazon Linux AMI : php55 (ALAS-2014-415)

2014-10-12 00:00:00

cvelist

CVE-2014-3587

2014-08-23 01:00:00

CVE-2012-1571

2012-07-17 21:00:00

cve

CVE-2014-3587

2014-08-23 01:55:01

CVE-2012-1571

2012-07-17 21:55:01

securityvulns

file utility memory corruption

2014-09-03 00:00:00

[ MDVSA-2014:167 ] file

2014-09-03 00:00:00

[USN-2344-1] PHP vulnerabilities

2014-09-15 00:00:00

ubuntucve

CVE-2014-3587

2014-08-22 00:00:00

CVE-2012-1571

2012-07-17 00:00:00

nvd

CVE-2014-3587

2014-08-23 01:55:01

CVE-2012-1571

2012-07-17 21:55:01

openvas

Amazon Linux: Security Advisory (ALAS-2014-398)

2015-09-08 00:00:00

Amazon Linux: Security Advisory (ALAS-2014-415)

2015-09-08 00:00:00

Fedora Update for file FEDORA-2014-9712

2014-08-24 00:00:00

fedora

[SECURITY] Fedora 20 Update: file-5.19-4.fc20

2014-08-24 02:55:59

[SECURITY] Fedora 20 Update: php-5.5.16-1.fc20

2014-09-02 06:40:37

[SECURITY] Fedora 19 Update: php-5.5.16-1.fc19

2014-09-02 06:47:45

mageia

Updated php packages fix multiple security vulnerabilities

2014-09-05 13:07:37

Updated file packages fix CVE-2014-3587

2014-08-27 03:04:56

veracode

Denial Of Service (DoS)

2019-05-02 05:04:19

Denial Of Service

2019-01-15 08:58:13

Denial Of Service (DoS)

2019-05-02 05:04:17

checkpoint_advisories

PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)

2014-10-26 00:00:00

PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)

2014-11-12 00:00:00

debian

[SECURITY] [DSA 2422-2] file regression fix

2012-05-09 18:23:22

[SECURITY] [DLA 50-1] file security update

2014-09-10 15:52:03

[SECURITY] [DSA 3008-2] php5 regression update

2014-08-21 12:39:59

K16875 : file vulnerability CVE-2012-1571

2015-07-02 00:00:00

SOL16875 - file vulnerability CVE-2012-1571

2015-07-02 00:00:00

gentoo

file: Denial of service

2012-09-26 00:00:00

debiancve

CVE-2012-1571

2012-07-17 21:55:01

ubuntu

file vulnerability

2014-10-03 00:00:00

PHP vulnerabilities

2014-09-10 00:00:00

file vulnerabilities

2014-02-26 00:00:00

centos

php, php53 security update

2014-09-30 10:27:47

php security update

2014-09-30 10:59:18

file, python security update

2014-10-20 18:08:44

redhat

(RHSA-2014:1326) Moderate: php53 and php security update

2014-09-30 00:00:00

(RHSA-2014:1327) Moderate: php security update

2014-09-30 00:00:00

(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update

2016-05-10 06:42:18

kitploit

Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities

2019-05-21 21:17:00

osv

file - security update

2014-09-10 00:00:00

php5 - security update

2014-08-21 00:00:00

php5 - security update

2014-09-30 00:00:00

oraclelinux

php53 and php security update

2014-09-30 00:00:00

file security, bug fix, and enhancement update

2016-05-12 00:00:00

php security update

2014-09-30 00:00:00

freebsd_advisory

FreeBSD-SA-14:16.file

2014-06-24 00:00:00

freebsd

FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)

2014-06-24 00:00:00

slackware

[slackware-security] php

2014-09-04 22:00:56

ibm

Security Bulletin: File vulnerabilities affect IBM SmartClound Entry

2020-07-19 00:49:12

Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection

2018-06-16 21:43:49

Security Bulletin: Multiple vulnerabilities in file affect PowerKVM

2018-06-18 01:30:43

suse

Security update for php53 (important)

2016-09-16 21:09:09

Security update for php5 (important)

2016-09-28 15:09:48

Security update for php5 (important)

2016-10-04 17:11:09

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.08 Low

EPSS

Percentile

94.3%

JSON

Related for DEBIANCVE:CVE-2014-3587