Your submission was sent successfully! Close

CVE-2014-0238

Published: 01 June 2014

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

Priority

Low

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.5.13)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.5.9+dfsg-1ubuntu4.1)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=22736b7c56d678f142d5dd21f4996e5819507a2b
Other: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0