CVE-2014-3710

PHP 5.4.34 - Denial of Service via Crafted ELF File in Fileinfo Component

Title source: llm
STIX 2.1

Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

References (33)

Core 33
Core References
Patch, Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=68283
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62347
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1767.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2391-1
Third Party Advisory x_refsource_confirm
https://support.apple.com/HT204659
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61982
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61763
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1767.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory vendor-advisory x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1768.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3072
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0760.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2494-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61970
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031344
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1768.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-42
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60699
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201503-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70807
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60630
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62559

Scores

EPSS 0.0808
EPSS Percentile 92.2%

Details

CWE
CWE-20
Status published
Products (7)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
debian/debian_linux 7.0
debian/debian_linux 8.0
php/php 5.4.0 - 5.4.35
Published Nov 05, 2014
Tracked Since Feb 18, 2026