CVE-2014-0237

Published: 01 June 2014

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

Priority

Low

Status

Package | Release | Status
php5 (Launchpad, Ubuntu, Debian) | Upstream | Released (5.5.13)
php5 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (5.5.9+dfsg-1ubuntu4.1)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=68ce2d0ea6da79b12a365e375e1c2ce882c77480
Other: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d