The cdfreadshort_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "file", "binary_version": "1:5.14-2ubuntu3.1" }, { "binary_name": "file-dbg", "binary_version": "1:5.14-2ubuntu3.1" }, { "binary_name": "libmagic-dev", "binary_version": "1:5.14-2ubuntu3.1" }, { "binary_name": "libmagic1", "binary_version": "1:5.14-2ubuntu3.1" }, { "binary_name": "python-magic", "binary_version": "1:5.14-2ubuntu3.1" }, { "binary_name": "python3-magic", "binary_version": "1:5.14-2ubuntu3.1" } ], "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libapache2-mod-php5", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "libapache2-mod-php5filter", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "libphp5-embed", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php-pear", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-cgi", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-cli", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-common", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-curl", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-dbg", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-dev", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-enchant", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-fpm", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-gd", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-gmp", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-intl", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-ldap", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-mysql", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-mysqlnd", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-odbc", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-pgsql", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-pspell", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-readline", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-recode", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-snmp", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-sqlite", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-sybase", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-tidy", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-xmlrpc", "binary_version": "5.5.9+dfsg-1ubuntu4.3" }, { "binary_name": "php5-xsl", "binary_version": "5.5.9+dfsg-1ubuntu4.3" } ], "ubuntu_priority": "medium" }