[v2.7] php: remote DoS, Fileinfo component (CVE-2014-0237 CVE-2014-0238)
CVE-2014-0237 / CVE-2014-0238:
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
(from redmine: issue id 3023, created on 2014-06-10, closed on 2014-06-11)
- parent #3020 (closed)
- Revision 5f553368 by Natanael Copa on 2014-06-10T15:45:26Z:
main/php: security upgrade to 5.5.13 (CVE-2014-0237,CVE-2014-0238) fixes #3023
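
The second issue above (a vector that has zero length or is too long) comes down to trusting a length field read from the file. As an added example, which is not PHP's cdf.c code or the Alpine patch, here is a bounds-checked parser for a constructed length-prefixed vector layout that rejects both cases. The layout, the `MAX_ELEMENTS` cap and all names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout (assumption, NOT the real CDF format):
 *   u32le nelements, then nelements x { u32le len, len bytes padded to 4 } */
enum { VEC_OK = 0, VEC_EMPTY = -1, VEC_TRUNCATED = -2, VEC_TOO_MANY = -3 };
#define MAX_ELEMENTS 1024u  /* assumed cap: bounds the work done per input */

/* Constructed sample inputs */
const uint8_t SAMPLE_OK[] = {2,0,0,0, 2,0,0,0,'a','b',0,0, 4,0,0,0,'c','d','e','f'};
const uint8_t SAMPLE_EMPTY[] = {0,0,0,0};
const uint8_t SAMPLE_HUGE[] = {0xff,0xff,0xff,0xff};

static int read_u32le(const uint8_t *buf, size_t size, size_t off, uint32_t *out)
{
    if (off > size || size - off < 4)   /* overflow-safe bounds check */
        return -1;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}

/* Returns VEC_OK and stores the element count in *count, or a negative error. */
int parse_string_vector(const uint8_t *buf, size_t size, uint32_t *count)
{
    uint32_t n, len;
    size_t off = 4;

    if (read_u32le(buf, size, 0, &n) != 0)
        return VEC_TRUNCATED;
    if (n == 0)                 /* case (1): zero-length vector */
        return VEC_EMPTY;
    if (n > MAX_ELEMENTS)       /* case (2): declared count is too long */
        return VEC_TOO_MANY;
    for (uint32_t i = 0; i < n; i++) {
        if (read_u32le(buf, size, off, &len) != 0)
            return VEC_TRUNCATED;   /* more elements declared than present */
        off += 4;               /* always advance, so the loop terminates */
        if (len > size - off)   /* payload must fit in what is left */
            return VEC_TRUNCATED;
        size_t padded = ((size_t)len + 3) & ~(size_t)3;
        off += padded > size - off ? size - off : padded;
    }
    *count = n;
    return VEC_OK;
}

int main(void) { uint32_t c; return parse_string_vector(SAMPLE_OK, sizeof SAMPLE_OK, &c); }
```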