Announcement Announcement Module
Collapse
No announcement yet.
Advisory - Denial of Service vulnerability in PHP CDF Processing Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Advisory - Denial of Service vulnerability in PHP CDF Processing

    Denial of Service vulnerability in PHP CDF Processing

    Severity Rating: Medium

    Component Affected
    • PHP versions prior to 5.4.29
    • PHP versions 5.5.x before 5.5.13

    Overview:

    Multiple vulnerabilities have been reported in PHP fileinfo component which could allow a remote attacker to cause denial of service (DOS) conditions.

    Description:

    1. Denial of Service Vulnerability in cdf_unpack_summary_info() function in Fileinfo component

    This vulnerability exists in cdf_unpack_summary_info() function in src/cdf.c in the Fileinfo component of PHP due to improper handling of the CDF files.
    A remote attacker could exploit this vulnerability by sending a specially-crafted CDF file which could lead to triggering of many file_printf() calls causing the file to use huge amount of CPU time.
    Successful exploitation could lead to denial of service conditions.

    2. Denial of Service Vulnerability in cdf_read_property_info function in Fileinfo component
    This vulnerability exists in the cdf_read_property_info() function in src/cdf.c in the Fileinfo component of PHP due to an error while parsing property information from CDF files.
    A remote attacker could exploit this vulnerability by sending a specially crafted CDF file which could cause a property entry with 0 elements to trigger an infinite loop.
    Successful exploitation could lead to denial of service conditions.

    Solution :

    Apply appropriate patches as mentioned by the vendor:
    http://www.php.net/ChangeLog-5.php#5.5.13

    Vendor Information :
    PHP:
    http://www.php.net/

    References:
    Security tracker
    http://www.securitytracker.com/id/1030321

    Red Hat
    https://bugzilla.redhat.com/show_bug...=CVE-2014-0237
    https://bugzilla.redhat.com/show_bug...=CVE-2014-0238
Tag Cloud Tag Cloud Module
Collapse
Working...
X