Denial of Service Vulnerability in PHP Fileinfo Component
CVE-2014-3480

6.5MEDIUM

Key Information:

Vendor: PHP
Status: PHP; File
Vendor: CVE Published:; 9 July 2014

🔔 Create PHP Vulnerability Alert

What is CVE-2014-3480?

The cdf_count_chain function in PHP's Fileinfo component, prior to version 5.4.30 and certain 5.5.x versions, lacks adequate validation of sector-count data. This vulnerability enables remote attackers to exploit specially crafted CDF files, leading to application crashes, which could disrupt services and affect availability.

References

https://support.apple.com/HT204659

x_refsource_CONFIRM

http://www.securityfocus.com/bid/68238

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2014-1766.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 14, 2014

.