CVE-2014-3479

MEDIUM

Description

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

ID	Name	Product	Family	Severity
124927	EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)	Nessus	Huawei Local Security Checks	high
700510	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
93161	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)	Nessus	SuSE Local Security Checks	critical
87555	Scientific Linux Security Update : file on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
87137	CentOS 7 : file (CESA-2015:2155)	Nessus	CentOS Local Security Checks	high
87027	Oracle Linux 7 : file (ELSA-2015-2155)	Nessus	Oracle Linux Local Security Checks	high
86973	RHEL 7 : file (RHSA-2015:2155)	Nessus	Red Hat Local Security Checks	high
82700	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)	Nessus	MacOS X Local Security Checks	critical
82699	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	high
82333	Mandriva Linux Security Advisory : php (MDVSA-2015:080)	Nessus	Mandriva Local Security Checks	high
82175	Debian DLA-27-1 : file security update	Nessus	Debian Local Security Checks	medium
79185	CentOS 6 : file (CESA-2014:1606)	Nessus	CentOS Local Security Checks	medium
78843	Scientific Linux Security Update : file on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
78556	PHP 5.6.0 Multiple Vulnerabilities	Nessus	CGI abuses	high
78527	Oracle Linux 6 : file (ELSA-2014-1606)	Nessus	Oracle Linux Local Security Checks	medium
78414	RHEL 6 : file (RHSA-2014:1606)	Nessus	Red Hat Local Security Checks	medium
78325	Amazon Linux AMI : file (ALAS-2014-382)	Nessus	Amazon Linux Local Security Checks	medium
78315	Amazon Linux AMI : php55 (ALAS-2014-372)	Nessus	Amazon Linux Local Security Checks	high
78310	Amazon Linux AMI : php54 (ALAS-2014-367)	Nessus	Amazon Linux Local Security Checks	high
8394	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	Nessus Network Monitor	Web Clients	critical
77748	Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
77585	Debian DSA-3021-1 : file - security update	Nessus	Debian Local Security Checks	medium
77285	PHP 5.3.x < 5.3.29 Multiple Vulnerabilities	Nessus	CGI abuses	high
77047	Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
77044	Oracle Linux 7 : php (ELSA-2014-1013)	Nessus	Oracle Linux Local Security Checks	high
77043	Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012)	Nessus	Oracle Linux Local Security Checks	high
77033	CentOS 7 : php (CESA-2014:1013)	Nessus	CentOS Local Security Checks	high
77032	CentOS 5 / 6 : php / php53 (CESA-2014:1012)	Nessus	CentOS Local Security Checks	high
77016	RHEL 7 : php (RHSA-2014:1013)	Nessus	Red Hat Local Security Checks	high
77015	RHEL 5 / 6 : php53 and php (RHSA-2014:1012)	Nessus	Red Hat Local Security Checks	high
76909	SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)	Nessus	SuSE Local Security Checks	high
76722	openSUSE Security Update : php / php5 / php53 (openSUSE-SU-2014:0925-1)	Nessus	SuSE Local Security Checks	high
76525	Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : file vulnerabilities (USN-2278-1)	Nessus	Ubuntu Local Security Checks	medium
76476	Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01)	Nessus	Slackware Local Security Checks	high
76451	Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1)	Nessus	Ubuntu Local Security Checks	high
76439	Mandriva Linux Security Advisory : file (MDVSA-2014:131)	Nessus	Mandriva Local Security Checks	medium
76438	Mandriva Linux Security Advisory : php (MDVSA-2014:130)	Nessus	Mandriva Local Security Checks	high
76418	Debian DSA-2974-1 : php5 - security update	Nessus	Debian Local Security Checks	high
76377	Fedora 20 : file-5.19-1.fc20 (2014-7992)	Nessus	Fedora Local Security Checks	medium
8320	PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	critical
76282	PHP 5.5.x < 5.5.14 Multiple Vulnerabilities	Nessus	CGI abuses	high
76281	PHP 5.4.x < 5.4.30 Multiple Vulnerabilities	Nessus	CGI abuses	critical

CVE-2014-3479

Description

References

Details

Risk Information

CVSS v2.0