CVE-2014-0236

HIGH7.5EPSS 0.58%

Published: 5/16/2016Modified: 4/28/2026

Description

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

Affected packages (1)

Debian/filefrom 0, < 1:5.19-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0236