This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Christos Zoulas
Product File
Version 5.15
First view 2014-03-14
Last view 2014-08-22
Type Application
Update *
Edition *
Language *
Software Edition *
Target Software *
Target Hardware *
Other *
 
CPE Product cpe:2.3:a:christos_zoulas:file

Related : CVE

CVSS Date Alert Description
4.3 2014-08-22 CVE-2014-3587

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

4.3 2014-07-09 CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3 2014-07-09 CVE-2014-3480

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3 2014-07-09 CVE-2014-3479

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

5 2014-07-09 CVE-2014-3478

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

4.3 2014-07-09 CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

5 2014-07-03 CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

4.3 2014-03-14 CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

CWE : Common Weakness Enumeration

% id Name
37% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (2) CWE-189 Numeric Errors
25% (2) CWE-20 Improper Input Validation
12% (1) CWE-399 Resource Management Errors

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0086 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0052897

Snort® IPS/IDS

Date Description
2016-03-29 PHP libmagic PE out of bounds memory access attempt
RuleID : 38347 - Type : FILE-EXECUTABLE - Revision : 1
2016-03-14 PHP fileinfo cdf_read_property_info denial of service attempt
RuleID : 36262 - Type : SERVER-WEBAPP - Revision : 3
2016-03-14 PHP fileinfo cdf_read_property_info denial of service attempt
RuleID : 36261 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-10-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1156.nasl - Type: ACT_GATHER_INFO
2016-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2328-1.nasl - Type: ACT_GATHER_INFO
2016-09-08 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2210-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-08-12 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_70140f20600711e6a6c314dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-06-09 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160510_file_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-05-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0050.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151119_file_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-11-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_SecUpd2015-004.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_3.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-080.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-67.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-50.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-27.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-18.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-145.nasl - Type: ACT_GATHER_INFO
2015-03-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201503-08.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_php_20140522.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2014-1606.nasl - Type: ACT_GATHER_INFO