CVE-2014-3478

medium
Description

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

http://marc.info/?l=bugtraq&m=141017844705317&w=2

http://mx.gw.com/pipermail/file/2014/001553.html

http://rhn.redhat.com/errata/RHSA-2014-1327.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/59794

http://secunia.com/advisories/59831

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2974

http://www.debian.org/security/2014/dsa-3021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/68239

https://bugs.php.net/bug.php?id=67410

https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08

https://support.apple.com/HT204659

Details

Source: MITRE

Published: 2014-07-09

Updated: 2016-11-28

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* versions up to 5.18 (inclusive)

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.29 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124927 | EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424) | Nessus | Huawei Local Security Checks | high |
| 700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
| 87555 | Scientific Linux Security Update : file on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
| 87137 | CentOS 7 : file (CESA-2015:2155) | Nessus | CentOS Local Security Checks | high |
| 87027 | Oracle Linux 7 : file (ELSA-2015-2155) | Nessus | Oracle Linux Local Security Checks | high |
| 86973 | RHEL 7 : file (RHSA-2015:2155) | Nessus | Red Hat Local Security Checks | high |
| 82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high |
| 82175 | Debian DLA-27-1 : file security update | Nessus | Debian Local Security Checks | medium |
| 78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 78325 | Amazon Linux AMI : file (ALAS-2014-382) | Nessus | Amazon Linux Local Security Checks | medium |
| 78315 | Amazon Linux AMI : php55 (ALAS-2014-372) | Nessus | Amazon Linux Local Security Checks | high |
| 78310 | Amazon Linux AMI : php54 (ALAS-2014-367) | Nessus | Amazon Linux Local Security Checks | high |
| 78009 | RHEL 7 : php (RHSA-2014:1327) | Nessus | Red Hat Local Security Checks | medium |
| 78005 | Oracle Linux 7 : php (ELSA-2014-1327) | Nessus | Oracle Linux Local Security Checks | medium |
| 77996 | CentOS 7 : php (CESA-2014:1327) | Nessus | CentOS Local Security Checks | medium |
| 8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
| 77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 77585 | Debian DSA-3021-1 : file - security update | Nessus | Debian Local Security Checks | medium |
| 77285 | PHP 5.3.x < 5.3.29 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 76909 | SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537) | Nessus | SuSE Local Security Checks | high |
| 76722 | openSUSE Security Update : php / php5 / php53 (openSUSE-SU-2014:0925-1) | Nessus | SuSE Local Security Checks | high |
| 76525 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : file vulnerabilities (USN-2278-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76476 | Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01) | Nessus | Slackware Local Security Checks | high |
| 76451 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1) | Nessus | Ubuntu Local Security Checks | high |
| 76439 | Mandriva Linux Security Advisory : file (MDVSA-2014:131) | Nessus | Mandriva Local Security Checks | medium |
| 76438 | Mandriva Linux Security Advisory : php (MDVSA-2014:130) | Nessus | Mandriva Local Security Checks | high |
| 76418 | Debian DSA-2974-1 : php5 - security update | Nessus | Debian Local Security Checks | high |
| 76377 | Fedora 20 : file-5.19-1.fc20 (2014-7992) | Nessus | Fedora Local Security Checks | medium |
| 8320 | PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 76282 | PHP 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 76281 | PHP 5.4.x < 5.4.30 Multiple Vulnerabilities | Nessus | CGI abuses | high |