Signature Detail

HTTP: PHP Fileinfo Module CDF File Parsing Remote Denial of Service

This signature detects an attempt to exploit a known vulnerability against PHP. A successful attack can result in a denial of service condition.

Extended Description

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

Affected Products

• Christos_zoulas file 5.00
• Christos_zoulas file 5.01
• Christos_zoulas file 5.02
• Christos_zoulas file 5.03
• Christos_zoulas file 5.04
• Christos_zoulas file 5.05
• Christos_zoulas file 5.06
• Christos_zoulas file 5.07
• Christos_zoulas file 5.08
• Christos_zoulas file 5.09
• Christos_zoulas file 5.10
• Christos_zoulas file 5.11
• Christos_zoulas file 5.12
• Christos_zoulas file 5.13
• Christos_zoulas file 5.14
• Christos_zoulas file 5.15
• Christos_zoulas file 5.16
• Christos_zoulas file 5.17
• Christos_zoulas file 5.18
• Christos_zoulas file 5.19
• Php php 5.4.0
• Php php 5.4.1
• Php php 5.4.10
• Php php 5.4.11
• Php php 5.4.12
• Php php 5.4.13
• Php php 5.4.14
• Php php 5.4.15
• Php php 5.4.16
• Php php 5.4.17
• Php php 5.4.18
• Php php 5.4.19
• Php php 5.4.2
• Php php 5.4.20
• Php php 5.4.21
• Php php 5.4.22
• Php php 5.4.23
• Php php 5.4.24
• Php php 5.4.25
• Php php 5.4.26
• Php php 5.4.27
• Php php 5.4.28
• Php php 5.4.29
• Php php 5.4.3
• Php php 5.4.30
• Php php 5.4.31
• Php php 5.4.4
• Php php 5.4.5
• Php php 5.4.6
• Php php 5.4.7
• Php php 5.4.8
• Php php 5.4.9
• Php php 5.5.0
• Php php 5.5.1
• Php php 5.5.10
• Php php 5.5.11
• Php php 5.5.12
• Php php 5.5.13
• Php php 5.5.14
• Php php 5.5.15
• Php php 5.5.2
• Php php 5.5.3
• Php php 5.5.4
• Php php 5.5.5
• Php php 5.5.6
• Php php 5.5.7
• Php php 5.5.8
• Php php 5.5.9

References

• BugTraq: 69325
• CVE: CVE-2014-3587