VDB

GCVE-110-MAGEIA-2014-282

GCVE-110-MAGEIA-2014-282
Advisory Published
Vulnetix · Advisory published July 4, 2014
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, CVE-2014-0207, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time.

Affected Products

VendorProductVersionsPlatforms
Mageiafile0 (affected), 5.16-1.4.mga4 (unaffected)
Mageiafile0 (affected), 5.12-8.5.mga3 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›