Denial of Service Vulnerability in Fileinfo Component of PHP by The PHP Group
CVE-2014-3479

Currently unrated

Key Information:

Vendor: PHP
Status: PHP; File
Vendor: CVE Published:; 9 July 2014

What is CVE-2014-3479?

The vulnerability in the cdf_check_stream_offset function of the Fileinfo component in PHP affects versions prior to 5.4.30 and 5.5.x before 5.5.14. It relies on incorrect sector-size data, allowing remote attackers to exploit the vulnerability by crafting a malicious stream offset within a CDF file. This can lead to a denial of service, causing the application to crash, thereby impacting service availability and affecting users reliant on PHP applications.

References

https://support.apple.com/HT204659

x_refsource_CONFIRM

https://github.com/file/file/commit/36fadd29849b8087af9f4...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2014-1766.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 14, 2014