DEBIAN-CVE-2014-3478

DEBIAN-CVE-2014-3478 PUBLISHED CVSS 6.5 MEDIUM

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	file	0, 0, 0
Debian:12	file	0, 0, 0
Debian:14	file	0, 0, 0
Debian:13	file	0, 0, 0

Timeline

Jul 9, 2014 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-3478 advisory

Open in Interactive Console →