CVE-2014-3478
MEDIUM
file < 5.19 - Denial of Service via Pascal String in FILE_PSTRING Conversion
Title source: llm
Description
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
References (19)
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT204659
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3021
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2974
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59794
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Various Sources mailing-list
x_refsource_mlist
http://mx.gw.com/pipermail/file/2014/001553.html
Exploit, Patch x_refsource_confirm
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68239
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6443
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Patch x_refsource_confirm
https://bugs.php.net/bug.php?id=67410
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59831
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1327.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Scores
CVSS v3
6.5
EPSS
0.3760
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (46)
christos_zoulas/file
5.00
christos_zoulas/file
5.01
christos_zoulas/file
5.02
christos_zoulas/file
5.03
christos_zoulas/file
5.04
christos_zoulas/file
5.05
christos_zoulas/file
5.06
christos_zoulas/file
5.07
christos_zoulas/file
5.08
christos_zoulas/file
5.09
... and 36 more
Published
Jul 09, 2014
Tracked Since
Feb 18, 2026