The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
Loading...
Loading...
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
June 1, 2014
May 6, 2026
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | php5-cli (5.3.2-1ubuntu4.25) @ lucid | 2026-05-28 | ubuntu |
| redhat | file-0:5.11-31.el7 | 2015-11-19 | redhat |
| redhat | php54-php-0:5.4.16-22.el7 | 2014-10-30 | redhat |
| redhat | php55-php-0:5.5.6-13.el7 | 2014-10-30 | redhat |
| redhat | file-0:5.04-21.el6 | 2014-10-13 | redhat |
| redhat | php-0:5.3.3-27.el6_5.1 | 2014-08-06 | redhat |
| redhat | php-0:5.4.16-23.el7_0 | 2014-08-06 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
RHSA-2014:1012 — Moderate
RHSA-2014:1013 — Moderate
RHSA-2014:1606 — Moderate
RHSA-2014:1765 — Moderate
RHSA-2014:1766 — Moderate
RHSA-2015:2155 — Moderate
PHP vulnerabilities
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
See which npm, PyPI, Go, and Maven packages are affected by CVE-2014-0237
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.