Description
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Remediation
References
Related Vulnerabilities
WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.4.9.2)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36287)