Description
The cdf_check_stream_offset function in cdf.c in the file utility before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
Remediation
References