PublicDateAtUSN: 2014-08-22
Candidate: CVE-2014-3587
PublicDate: 2014-08-23 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
 https://bugs.php.net/bug.php?id=67716
 https://ubuntu.com/security/notices/USN-2344-1
 https://ubuntu.com/security/notices/USN-2369-1
Description:
 Integer overflow in the cdf_read_property_info function in cdf.c in file
 through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and
 5.5.x before 5.5.16, allows remote attackers to cause a denial of service
 (application crash) via a crafted CDF file. NOTE: this vulnerability exists
 because of an incomplete fix for CVE-2012-1571.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: sarnold
CVSS:

Patches_php5:
 upstream: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
upstream_php5: needs-triage
lucid_php5: released (5.3.2-1ubuntu4.27)
precise_php5: released (5.3.10-1ubuntu3.14)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.4)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.4)
devel_php5: released (5.5.12+dfsg-2ubuntu4)

Patches_file:
upstream_file: needs-triage
lucid_file: released (5.03-5ubuntu1.4)
precise_file: released (5.09-2ubuntu0.5)
trusty_file: released (1:5.14-2ubuntu3.2)
trusty/esm_file: released (1:5.14-2ubuntu3.2)
devel_file: released (1:5.19-1ubuntu1.1)