CVE-2014-3710

Published: 24 October 2014

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Priority

Low

Status

Package: file (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Released (5.03-5ubuntu1.5)
precise    Released (5.09-2ubuntu0.6)
trusty     Released (1:5.14-2ubuntu3.3)
upstream   Needs triage
utopic     Released (1:5.19-1ubuntu1.2)

Patches:
upstream: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0



Package: php5 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Released (5.3.2-1ubuntu4.28)
precise    Released (5.3.10-1ubuntu3.15)
trusty     Released (5.5.9+dfsg-1ubuntu4.5)
upstream   Needs triage
utopic     Released (5.5.12+dfsg-2ubuntu4.1)

Patches:

upstream: http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d
upstream: http://git.php.net/?p=php-src.git;a=commit;h=5b295bf19161b14d6c81151fd89c2f17bd50525c (5.5)
upstream: http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d (5.4)