Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Christos Zoulas Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3538 3 Christos Zoulas, Debian, Php 3 File, Debian Linux, Php 2023-01-19 5.0 MEDIUM N/A
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
CVE-2013-7345 3 Christos Zoulas, Debian, Php 3 File, Debian Linux, Php 2022-10-31 5.0 MEDIUM N/A
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
CVE-2014-0207 5 Christos Zoulas, Debian, Opensuse and 2 more 5 File, Debian Linux, Opensuse and 2 more 2022-09-28 4.3 MEDIUM N/A
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
CVE-2014-3587 2 Christos Zoulas, Php 2 File, Php 2018-01-04 4.3 MEDIUM N/A
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
CVE-2003-1092 1 Christos Zoulas 1 File 1 2017-07-10 7.5 HIGH N/A
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
CVE-2014-2270 2 Christos Zoulas, Tim Robbins 2 File, Libmagic 2017-06-30 4.3 MEDIUM N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-3479 2 Christos Zoulas, Php 2 File, Php 2016-11-28 4.3 MEDIUM N/A
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
CVE-2014-3480 2 Christos Zoulas, Php 2 File, Php 2016-11-28 4.3 MEDIUM N/A
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3487 2 Christos Zoulas, Php 2 File, Php 2016-11-28 4.3 MEDIUM N/A
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3478 2 Christos Zoulas, Php 2 File, Php 2016-11-28 5.0 MEDIUM N/A
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
CVE-2012-1571 2 Christos Zoulas, Tim Robbins 2 File, Libmagic 2014-03-07 4.3 MEDIUM N/A
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
CVE-2009-3930 1 Christos Zoulas 1 File 2009-11-23 9.3 HIGH N/A
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
CVE-2009-1515 1 Christos Zoulas 1 File 2009-11-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.