FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0237

This CVE name corresponds to:

Entered Topic
2014-08-18 PHP multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-0237
Phase Assigned(20131203)

Description

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

References

Source Reference
CONFIRM http://www.php.net/ChangeLog-5.php
CONFIRM https://bugs.php.net/bug.php?id=67328
CONFIRM https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
CONFIRM http://support.apple.com/kb/HT6443
CONFIRM https://support.apple.com/HT204659
APPLE APPLE-SA-2015-04-08-2
DEBIAN DSA-3021
REDHAT RHSA-2014:1765
REDHAT RHSA-2014:1766
SUSE SUSE-SU-2014:0869