The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://mx.gw.com/pipermail/file/2014/001553.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59794
http://secunia.com/advisories/59831
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2974
http://www.debian.org/security/2014/dsa-3021
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/68243
https://bugs.php.net/bug.php?id=67326
https://bugzilla.redhat.com/show_bug.cgi?id=1091842
https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391
cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* versions up to 5.18 (inclusive)
cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.29 (inclusive)
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124927 | EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424) | Nessus | Huawei Local Security Checks | high |
700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
87555 | Scientific Linux Security Update : file on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
87137 | CentOS 7 : file (CESA-2015:2155) | Nessus | CentOS Local Security Checks | high |
87027 | Oracle Linux 7 : file (ELSA-2015-2155) | Nessus | Oracle Linux Local Security Checks | high |
86973 | RHEL 7 : file (RHSA-2015:2155) | Nessus | Red Hat Local Security Checks | high |
82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical |
82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical |
82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high |
82175 | Debian DLA-27-1 : file security update | Nessus | Debian Local Security Checks | medium |
82165 | Debian DLA-18-1 : php5 security update | Nessus | Debian Local Security Checks | high |
78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high |
78336 | Amazon Linux AMI : php (ALAS-2014-393) | Nessus | Amazon Linux Local Security Checks | high |
78325 | Amazon Linux AMI : file (ALAS-2014-382) | Nessus | Amazon Linux Local Security Checks | medium |
78315 | Amazon Linux AMI : php55 (ALAS-2014-372) | Nessus | Amazon Linux Local Security Checks | high |
78310 | Amazon Linux AMI : php54 (ALAS-2014-367) | Nessus | Amazon Linux Local Security Checks | high |
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
77585 | Debian DSA-3021-1 : file - security update | Nessus | Debian Local Security Checks | medium |
77285 | PHP 5.3.x < 5.3.29 Multiple Vulnerabilities | Nessus | CGI abuses | high |
77241 | FreeBSD : PHP multiple vulnerabilities (d2a892b9-2605-11e4-9da0-00a0986f28c4) | Nessus | FreeBSD Local Security Checks | high |
77044 | Oracle Linux 7 : php (ELSA-2014-1013) | Nessus | Oracle Linux Local Security Checks | high |
77033 | CentOS 7 : php (CESA-2014:1013) | Nessus | CentOS Local Security Checks | high |
77016 | RHEL 7 : php (RHSA-2014:1013) | Nessus | Red Hat Local Security Checks | high |
76909 | SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537) | Nessus | SuSE Local Security Checks | high |
76722 | openSUSE Security Update : php / php5 / php53 (openSUSE-SU-2014:0925-1) | Nessus | SuSE Local Security Checks | high |
76525 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : file vulnerabilities (USN-2278-1) | Nessus | Ubuntu Local Security Checks | medium |
76476 | Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01) | Nessus | Slackware Local Security Checks | high |
76451 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1) | Nessus | Ubuntu Local Security Checks | high |
76438 | Mandriva Linux Security Advisory : php (MDVSA-2014:130) | Nessus | Mandriva Local Security Checks | high |
76418 | Debian DSA-2974-1 : php5 - security update | Nessus | Debian Local Security Checks | high |
76377 | Fedora 20 : file-5.19-1.fc20 (2014-7992) | Nessus | Fedora Local Security Checks | medium |
8320 | PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
76282 | PHP 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus | CGI abuses | high |
76281 | PHP 5.4.x < 5.4.30 Multiple Vulnerabilities | Nessus | CGI abuses | high |