Description

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Remediation

References

CVE-2014-3487

Related Vulnerabilities

MySQL CVE-2018-3173 Vulnerability (CVE-2018-3173)

SharePoint Other Vulnerability (CVE-2020-1147)

WordPress Plugin Jigoshop Unspecified Vulnerability (1.10.5)

WordPress Plugin Salon Booking System Cross-Site Request Forgery (3.13.1)

Oracle Application Server Improper Authentication Vulnerability (CVE-2002-0563)

Severity

Medium

Classification

CVE-2014-3487 CWE-20

Tags

Missing Update Known Vulnerabilities