CVE-2014-0238
EPSS 24.5%
Description
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
How to fix CVE-2014-0238
To remediate CVE-2014-0238, upgrade the affected package to a fixed version below.
- Debian/file—upgrade to 1:5.19-1 or later
Is CVE-2014-0238 being exploited?
Moderate — EPSS is 24.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:5.19-1