Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2014-0237

Description

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Github

- https://github.com/ARPSyndicate/cve-scores