Denial of Service Vulnerability in PHP Fileinfo Component
CVE-2014-3480

Currently unrated

Key Information:

Vendor: PHP
Status: PHP; File
Vendor: CVE Published:; 9 July 2014

What is CVE-2014-3480?

The cdf_count_chain function in PHP's Fileinfo component, prior to version 5.4.30 and certain 5.5.x versions, lacks adequate validation of sector-count data. This vulnerability enables remote attackers to exploit specially crafted CDF files, leading to application crashes, which could disrupt services and affect availability.

References

https://support.apple.com/HT204659

x_refsource_CONFIRM

http://www.securityfocus.com/bid/68238

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2014-1766.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 14, 2014