Description

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

Remediation

References

CVE-2014-0207

Related Vulnerabilities

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)

WordPress Plugin Ultimeter Security Bypass (1.9.2)

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1882)

Severity

Medium

Classification

CVE-2014-0207 CWE-119

Tags

Missing Update Known Vulnerabilities