Denial of Service Vulnerability in Fileinfo Component of PHP by The PHP Group
CVE-2014-3479

Currently unrated

Key Information:

Vendor

PHP
Status
PHP
File
Vendor
CVE Published:
9 July 2014

What is CVE-2014-3479?

The vulnerability in the cdf_check_stream_offset function of the Fileinfo component in PHP affects versions prior to 5.4.30 and 5.5.x before 5.5.14. It relies on incorrect sector-size data, allowing remote attackers to exploit the vulnerability by crafting a malicious stream offset within a CDF file. This can lead to a denial of service, causing the application to crash, thereby impacting service availability and affecting users reliant on PHP applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.apple.com/HT204659
x_refsource_CONFIRM
https://github.com/file/file/commit/36fadd29849b8087af9f4...
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1766.html
vendor-advisoryx_refsource_REDHAT

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.