Launchpad CVE tracker

CVE 2014-3480

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Related bugs and status

CVE-2014-3480 (Candidate) is related to these bugs:

Bug #1335028: UPDATE REQUEST: php54 5.4.30 is available upstream

Summary				In	Importance	Status
	1335028	UPDATE REQUEST: php54 5.4.30 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1335030: UPDATE REQUEST: php55u 5.5.14 is available upstream

Summary				In	Importance	Status
	1335030	UPDATE REQUEST: php55u 5.5.14 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1338170: PHP 5 infoleak vulnerability leading to potential SSL key disclosure

		In	Importance	Status
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Lucid)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Trusty)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Precise)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Utopic)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1411811: Please update php, mysql on ubuntu 15.04

Summary				In	Importance	Status
	1411811	Please update php, mysql on ubuntu 15.04		php5 (Ubuntu)	Undecided	Fix Released
	1411811	Please update php, mysql on ubuntu 15.04		mysql-5.6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3480

References