PHP is susceptible to denial of service. The vulnerability exists because of the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. An attacker can inject malicious CDF file to crash a PHP.
mx.gw.com/pipermail/file/2012/000914.html
www.debian.org/security/2012/dsa-2422
www.mandriva.com/security/advisories?name=MDVSA-2012:035
www.ubuntu.com/usn/USN-2123-1
access.redhat.com/security/updates/classification/#moderate
github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295
github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b
rhn.redhat.com/errata/RHSA-2014-1012.html