Bug 1107544 – CVE-2014-3487 file: cdf_read_property_info insufficient boundary check

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1107544 - (CVE-2014-3487) CVE-2014-3487 file: cdf_read_property_info insufficient boundary check

Summary:	CVE-2014-3487 file: cdf_read_property_info insufficient boundary check

Status:	NEW

Aliases:	CVE-2014-3487

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140627,repor...
Keywords:	Security

Depends On:	1080180 1114453 1114454 1120981 1149768 1149774 1238984 1238985
Blocks:	1065838 1107545 1149858 1210268
	Show dependency tree / graph

Reported:	2014-06-10 03:32 EDT by Francisco Alonso
Modified:	2018-01-29 20:03 EST (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
PHP Bug Tracker	67413	None	None	None	Never
Red Hat Product Errata	RHSA-2014:1013	normal	SHIPPED_LIVE	Moderate: php security update	2014-08-06 06:05:17 EDT
Red Hat Product Errata	RHSA-2014:1765	normal	SHIPPED_LIVE	Important: php54-php security update	2014-10-30 19:45:24 EDT
Red Hat Product Errata	RHSA-2014:1766	normal	SHIPPED_LIVE	Important: php55-php security update	2014-10-30 19:45:12 EDT
Red Hat Product Errata	RHSA-2015:2155	normal	SHIPPED_LIVE	Moderate: file security and bug fix update	2015-11-19 03:39:11 EST

Groups: None (edit)

Description Francisco Alonso 2014-06-10 03:32:12 EDT

A flaw was found in the way file uses cdf_read_property_info function when checks stream offsets for certain Composite Document Format (CDF).

Upstream commit:
https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d

Acknowledgements:

This issue was discovered by Francisco Alonso of Red Hat Product Security.

Comment 2 Remi Collet 2014-06-10 08:38:01 EDT

PHP commit:
http://git.php.net/?p=php-src.git;a=commit;h=25b1dc917a53787dbb2532721ca22f3f36eb13c0

Comment 3 Francisco Alonso 2014-06-30 02:21:14 EDT

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1114454]

Comment 4 Francisco Alonso 2014-06-30 02:21:17 EDT

Created file tracking bugs for this issue:

Affects: fedora-all [bug 1114453]

Comment 5 Fedora Update System 2014-07-05 10:53:56 EDT

file-5.19-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Murray McAllister 2014-07-08 00:59:07 EDT

Statement:

This issue did not affect the versions of file, php, and php53 as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 9 Martin Prpič 2014-08-05 09:51:56 EDT

IssueDescription:

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.

Comment 10 errata-xmlrpc 2014-08-06 02:06:05 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1013 https://rhn.redhat.com/errata/RHSA-2014-1013.html

Comment 13 errata-xmlrpc 2014-10-30 15:46:18 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 14 errata-xmlrpc 2014-10-30 15:47:50 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Comment 18 errata-xmlrpc 2015-11-19 03:09:14 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html

Note You need to log in before you can comment on or make changes to this bug.