CVE-2014-9653
NONE EPSS 90.7%
Published Mar 30, 201511y ago · Modified Jun 17, 20262w ago
Published Mar 30, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Threat Intelligence
EPSS Exploit Probability
90.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 49
| Vendor | Product | Version | Range |
|---|---|---|---|
| file_project | file | * | ≤5.21 |
| php | php | * | ≤5.4.36 |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.0 | any |
| php | php | 5.5.1 | any |
| php | php | 5.5.2 | any |
| php | php | 5.5.3 | any |
| php | php | 5.5.4 | any |
| php | php | 5.5.5 | any |
| php | php | 5.5.6 | any |
| php | php | 5.5.7 | any |
| php | php | 5.5.8 | any |
| php | php | 5.5.9 | any |
| php | php | 5.5.10 | any |
| php | php | 5.5.11 | any |
| php | php | 5.5.12 | any |
| php | php | 5.5.13 | any |
| php | php | 5.5.14 | any |
| php | php | 5.5.15 | any |
| php | php | 5.5.16 | any |
| php | php | 5.5.17 | any |
| php | php | 5.5.18 | any |
| php | php | 5.5.19 | any |
| php | php | 5.5.20 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.0 | any |
| php | php | 5.6.1 | any |
| php | php | 5.6.2 | any |
| php | php | 5.6.3 | any |
| php | php | 5.6.4 | any |
| debian | debian_linux | 7.0 | any |
References 15
- bugs.gw.com http://bugs.gw.com/view.php?id=409
- marc.info http://marc.info/?l=bugtraq&m=143748090628601&w=2
- marc.info http://marc.info/?l=bugtraq&m=144050155601375&w=2
- mx.gw.com http://mx.gw.com/pipermail/file/2014/001649.html
- openwall.com http://openwall.com/lists/oss-security/2015/02/05/13
- php.net http://php.net/ChangeLog-5.php
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-0760.html
- debian.org http://www.debian.org/security/2015/dsa-3196
- oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- securityfocus.com http://www.securityfocus.com/bid/72516
- github.com https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- security.gentoo.org https://security.gentoo.org/glsa/201701-42
- usn.ubuntu.com https://usn.ubuntu.com/3686-1/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.