Published: 30/03/2015 Updated: 16/06/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

readelf.c in file prior to 5.22, as used in the Fileinfo component in PHP prior to 5.4.37, 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote malicious users to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
file project file
php php
php php 5.5.0
php php 5.5.12
php php 5.5.13
php php 5.5.2
php php 5.5.20
php php 5.6.0
php php 5.6.1
php php 5.5.14
php php 5.5.15
php php 5.5.3
php php 5.5.4
php php 5.5.5
php php 5.6.2
php php 5.6.3
php php 5.5.10
php php 5.5.11
php php 5.5.18
php php 5.5.19
php php 5.5.8
php php 5.5.9
php php 5.5.1
php php 5.5.16
php php 5.5.17
php php 5.5.6
php php 5.5.7
php php 5.6.4
debian debian linux 7.0

Synopsis Moderate: file security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated file packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Commo ...

Debian Bug report logs - #777585 file: CVE-2014-9653 Package: file; Maintainer for file is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Source for file is src:file (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 10 Feb 2015 08:33:01 UTC Severity: important Tags: confirmed, secu ...

Several security issues were fixed in file ...

Hanno Boeck discovered that file's ELF parser is suspectible to denial of service For the stable distribution (wheezy), this problem has been fixed in version 511-2+deb7u8 For the upcoming stable distribution (jessie), this problem has been fixed in version 1:522+15-1 For the unstable distribution (sid), this problem has been fixed in version ...

The ELF parser in file 508 through 521 allows remote attackers to cause a denial of service via a large number of notes (CVE-2014-9620) The ELF parser (readelfc) in file before 521 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities ...

A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory ...

CWE-20 http://mx.gw.com/pipermail/file/2014/001649.html https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f http://bugs.gw.com/view.php?id=409 http://openwall.com/lists/oss-security/2015/02/05/13 http://php.net/ChangeLog-5.php http://www.debian.org/security/2015/dsa-3196 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/72516 https://security.gentoo.org/glsa/201701-42 http://rhn.redhat.com/errata/RHSA-2016-0760.html https://usn.ubuntu.com/3686-1/https://access.redhat.com/errata/RHSA-2015:2155 https://usn.ubuntu.com/3686-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-9653

CVE-2014-9653

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect