CVE-2014-1943
php5 - denial of service
EPSS 24.9%
Description
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
How to fix CVE-2014-1943
To remediate CVE-2014-1943, upgrade each affected package to the fixed version listed for it below.
- Debian/file—upgrade to 1:5.17-0.1 or later
- Debian/file—upgrade to 5.04-5+squeeze3 or later
- Debian/php5—upgrade to 5.3.3-7+squeeze19 or later
Is CVE-2014-1943 being exploited?
Moderate: EPSS is 24.9%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/file: from 0, < 1:5.17-0.1
- Debian/file: from 0, < 5.04-5+squeeze3
- Debian/php5: from 0, < 5.3.3-7+squeeze19