CVE-2015-1135 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-1135 PUBLISHED

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

EPSS 0.06% · 19.0th percentile

Risk Scores

EPSS Score

0.06%

19.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Apr 9, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://support.apple.com/HT204659 url
https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67 url
RHSA-2014:1766 vendor-advisory
DSA-3021 vendor-advisory
HPSBUX03102 vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html url
DSA-2974 vendor-advisory
59794 third-party-advisory
http://www.php.net/ChangeLog-5.php url
[file] 20140612 file-5.19 is now available mailing-list
APPLE-SA-2015-04-08-2 vendor-advisory
http://support.apple.com/kb/HT6443 url
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html url
RHSA-2014:1765 vendor-advisory
https://bugs.php.net/bug.php?id=67411 url
68241 vdb
59831 third-party-advisory
openSUSE-SU-2014:1236 vendor-advisory

Open in Interactive Console →