CVE-2014-0236
Publication date 16 May 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
Status
Package | Ubuntu Release | Status |
---|---|---|
file | 14.04 LTS trusty |
Not affected
|
php5 | 14.04 LTS trusty |
Not affected
|
Notes
mdeslaur
introduced in file 5.18 by https://github.com/file/file/commit/209113ac443c82cc7573bb228b68ce1dd9d50f90
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |