The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-07-09 04:07
Updated : 2016-11-28 11:11
NVD link : CVE-2014-3480
Mitre link : CVE-2014-3480
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
christos_zoulas
- file
php
- php