CVE-2014-0238

MEDIUM

Description

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

ID	Name	Product	Family	Severity
124927	EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)	Nessus	Huawei Local Security Checks	high
700510	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
87555	Scientific Linux Security Update : file on SL7.x x86_64 (20151119)	Nessus	Scientific Linux Local Security Checks	high
87137	CentOS 7 : file (CESA-2015:2155)	Nessus	CentOS Local Security Checks	high
87027	Oracle Linux 7 : file (ELSA-2015-2155)	Nessus	Oracle Linux Local Security Checks	high
86973	RHEL 7 : file (RHSA-2015:2155)	Nessus	Red Hat Local Security Checks	high
86014	F5 Networks BIG-IP : Multiple PHP CDF vulnerabilities (SOL16954)	Nessus	F5 Networks Local Security Checks	medium
82700	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)	Nessus	MacOS X Local Security Checks	critical
82699	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	critical
8679	PHP 5.4.x < 5.4.29 / 5.5.x < 5.5.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
82333	Mandriva Linux Security Advisory : php (MDVSA-2015:080)	Nessus	Mandriva Local Security Checks	high
82175	Debian DLA-27-1 : file security update	Nessus	Debian Local Security Checks	medium
82128	Debian DLA-145-1 : php5 security update	Nessus	Debian Local Security Checks	medium
79185	CentOS 6 : file (CESA-2014:1606)	Nessus	CentOS Local Security Checks	medium
78843	Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014)	Nessus	Scientific Linux Local Security Checks	medium
78556	PHP 5.6.0 Multiple Vulnerabilities	Nessus	CGI abuses	high
78527	Oracle Linux 6 : file (ELSA-2014-1606)	Nessus	Oracle Linux Local Security Checks	medium
78414	RHEL 6 : file (RHSA-2014:1606)	Nessus	Red Hat Local Security Checks	medium
78336	Amazon Linux AMI : php (ALAS-2014-393)	Nessus	Amazon Linux Local Security Checks	high
78325	Amazon Linux AMI : file (ALAS-2014-382)	Nessus	Amazon Linux Local Security Checks	medium
78305	Amazon Linux AMI : php55 (ALAS-2014-362)	Nessus	Amazon Linux Local Security Checks	medium
78304	Amazon Linux AMI : php54 (ALAS-2014-361)	Nessus	Amazon Linux Local Security Checks	medium
8394	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	Nessus Network Monitor	Web Clients	critical
77748	Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
77585	Debian DSA-3021-1 : file - security update	Nessus	Debian Local Security Checks	medium
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
77285	PHP 5.3.x < 5.3.29 Multiple Vulnerabilities	Nessus	CGI abuses	high
77241	FreeBSD : PHP multiple vulnerabilities (d2a892b9-2605-11e4-9da0-00a0986f28c4)	Nessus	FreeBSD Local Security Checks	high
77047	Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806)	Nessus	Scientific Linux Local Security Checks	high
77044	Oracle Linux 7 : php (ELSA-2014-1013)	Nessus	Oracle Linux Local Security Checks	high
77043	Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012)	Nessus	Oracle Linux Local Security Checks	high
77033	CentOS 7 : php (CESA-2014:1013)	Nessus	CentOS Local Security Checks	high
77032	CentOS 5 / 6 : php / php53 (CESA-2014:1012)	Nessus	CentOS Local Security Checks	high
77016	RHEL 7 : php (RHSA-2014:1013)	Nessus	Red Hat Local Security Checks	high
77015	RHEL 5 / 6 : php53 and php (RHSA-2014:1012)	Nessus	Red Hat Local Security Checks	high
76367	SuSE 11.3 Security Update : php53 (SAT Patch Number 9450)	Nessus	SuSE Local Security Checks	medium
76249	Ubuntu 13.10 / 14.04 LTS : php5 updates (USN-2254-2)	Nessus	Ubuntu Local Security Checks	high
76201	Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2254-1)	Nessus	Ubuntu Local Security Checks	high
76094	Fedora 19 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 / php-5.5.13-3.fc19 / etc (2014-6904)	Nessus	Fedora Local Security Checks	medium
76093	Fedora 20 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20 / php-5.5.13-3.fc20 / etc (2014-6901)	Nessus	Fedora Local Security Checks	medium
75385	openSUSE Security Update : php5 (openSUSE-SU-2014:0784-1)	Nessus	SuSE Local Security Checks	high
74449	Mandriva Linux Security Advisory : file (MDVSA-2014:116)	Nessus	Mandriva Local Security Checks	medium
74448	Mandriva Linux Security Advisory : php (MDVSA-2014:115)	Nessus	Mandriva Local Security Checks	medium
74380	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-160-01)	Nessus	Slackware Local Security Checks	high
74292	PHP 5.5.x < 5.5.13 'src/cdf.c' Multiple Vulnerabilities	Nessus	CGI abuses	medium
74291	PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities	Nessus	CGI abuses	medium
74279	Debian DSA-2943-1 : php5 - security update	Nessus	Debian Local Security Checks	high

CVE-2014-0238

Description

References

Details

Risk Information

CVSS v2.0