CVE-2014-0236
HIGHPHP < 5.6.0 - Denial of Service via Zero Root Storage Value in CDF File
Title source: llmDescription
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://php.net/ChangeLog-5.php
Various Sources x_refsource_confirm
https://bugs.php.net/bug.php?id=67329
Various Sources x_refsource_confirm
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f3f22ff5c697aef854ffc1918bce708b37481b0f
Scores
CVSS v3
7.5
EPSS
0.0058
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
php/php
< 5.5.35
Published
May 16, 2016
Tracked Since
Feb 18, 2026