CVE-2014-0236 Affecting file package, versions <1:5.19-1
Snyk CVSS
- Attack Complexity: Low
- Availability: High
Threat Intelligence
- EPSS: 0.74% (81st percentile)
- Snyk ID SNYK-DEBIAN10-FILE-301050
- published 16 May 2016
- disclosed 16 May 2016
Introduced: 16 May 2016
CVE-2014-0236
How to fix?
Upgrade Debian:10 file to version 1:5.19-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream file package and not the file package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
References
- https://security-tracker.debian.org/tracker/CVE-2014-0236
- http://git.php.net/?p=php-src.git;a=commit;h=f3f22ff5c697aef854ffc1918bce708b37481b0f
- http://php.net/ChangeLog-5.php
- https://bugs.php.net/bug.php?id=67329