CVE-2014-3478

MEDIUM

Christos Zoulas File < 5.18 - Memory Corruption

Title source: rule

Description

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

References (19)

Scores

CVSS v3 6.5
EPSS 0.2534
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-119
Status draft

Affected Products (50)

christos_zoulas/file
christos_zoulas/file < 5.18
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
christos_zoulas/file
... and 35 more

Timeline

Published Jul 09, 2014
Tracked Since Feb 18, 2026