SOL16954 - Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238

2015-07-1400:00:00

support.f5.com

144

0.098 Low

EPSS

Percentile

94.8%

JSON

CVE-2014-0237

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
CVE-2014-0238

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle11.6.0
big-ip edge gatewayle11.3.0
big-ip ltmle11.6.0
big-ip link controllerle11.6.0
big-ip webacceleratorle11.3.0
big-ip womle11.3.0
big-ip psmle11.4.1
big-ip analyticsle11.6.0
big-ip gtmle11.6.0

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	11.6.0
big-ip edge gateway	le	11.3.0
big-ip ltm	le	11.6.0
big-ip link controller	le	11.6.0
big-ip webaccelerator	le	11.3.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1
big-ip analytics	le	11.6.0
big-ip gtm	le	11.6.0