CVE-2014-9653

Published: 30 March 2015

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Priority

Low

Status

Package Release Status
file
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:5.25-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:5.25-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1:5.25-2ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1:5.25-2ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:5.14-2ubuntu3.4)
Patches:
Upstream: https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
php5
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable