Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-3710

Published: 05/11/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Php

Vulnerability Summary

The donote function in readelf.c in file up to and including 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

Vendor Advisories

Red Hat: Moderate: file security and bug fix update
Synopsis Moderate: file security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated file packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Commo ...
Debian CVElist Bug Report Logs: file: CVE-2014-3710: denial of service (out-of-bounds read and application crash) via a crafted ELF file
Debian Bug report logs - #768806 file: CVE-2014-3710: denial of service (out-of-bounds read and application crash) via a crafted ELF file Package: src:file; Maintainer for src:file is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Nov 2014 12:48:02 ...
Ubuntu Security Notice: file vulnerabilities
file could be made to crash if it opened a specially crafted file ...
Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Debian Security Advisories: DSA-3074-1 php5 -- security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially craf ...
Debian Security Advisories: DSA-3072-1 file -- security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file For the stable distribution (wheezy), this problem has ...
Red Hat: CVE-2014-3710
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file ...
Amazon Linux AMI: ALAS-2014-451
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file ...
Amazon Linux AMI: ALAS-2014-453
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file ...
Amazon Linux AMI: ALAS-2014-450
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file ...

References

CWE-20https://bugzilla.redhat.com/show_bug.cgi?id=1155071https://bugs.php.net/bug.php?id=68283https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0http://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://secunia.com/advisories/60699http://secunia.com/advisories/61982http://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://www.ubuntu.com/usn/USN-2391-1http://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://secunia.com/advisories/60630http://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://secunia.com/advisories/61763http://secunia.com/advisories/61970http://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://www.debian.org/security/2014/dsa-3072http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.htmlhttps://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.aschttp://secunia.com/advisories/62347http://www.securitytracker.com/id/1031344http://secunia.com/advisories/62559http://www.ubuntu.com/usn/USN-2494-1http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttps://support.apple.com/HT204659http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.securityfocus.com/bid/70807https://security.gentoo.org/glsa/201503-03https://security.gentoo.org/glsa/201701-42http://rhn.redhat.com/errata/RHSA-2016-0760.htmlhttp://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0dhttps://access.redhat.com/errata/RHSA-2015:2155https://nvd.nist.govhttps://usn.ubuntu.com/2494-1/https://access.redhat.com/security/cve/cve-2014-3710
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook