CVE-2014-3480

MEDIUM

File < 5.19 - Improper Input Validation

Title source: rule

Description

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

References (18)

Scores

CVSS v3 6.5
EPSS 0.0626
EPSS Percentile 90.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-20
Status draft

Affected Products (6)

file_project/file < 5.19
php/php < 5.3.29
debian/debian_linux
debian/debian_linux
opensuse/opensuse
oracle/linux

Timeline

Published Jul 09, 2014
Tracked Since Feb 18, 2026