Description
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.