Denial of Service Vulnerability in Fileinfo Component of PHP
CVE-2014-3487
Currently unrated
What is CVE-2014-3487?
The cdf_read_property_info function in the Fileinfo component of PHP, prior to certain versions, does not properly validate stream offsets. A remote attacker can exploit this oversight by supplying a crafted CDF file, leading to application crashes and service disruptions. Users are urged to update to the latest versions to mitigate potential risks.
EPSS Score
18% chance of being exploited in the next 30 days.