CVE-2014-9653

NONE EPSS 90.7%
Published Mar 30, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 30, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Threat Intelligence

EPSS Exploit Probability
90.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 49

VendorProductVersionRange
file_projectfile* ≤5.21
phpphp* ≤5.4.36
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.0any
phpphp5.5.1any
phpphp5.5.2any
phpphp5.5.3any
phpphp5.5.4any
phpphp5.5.5any
phpphp5.5.6any
phpphp5.5.7any
phpphp5.5.8any
phpphp5.5.9any
phpphp5.5.10any
phpphp5.5.11any
phpphp5.5.12any
phpphp5.5.13any
phpphp5.5.14any
phpphp5.5.15any
phpphp5.5.16any
phpphp5.5.17any
phpphp5.5.18any
phpphp5.5.19any
phpphp5.5.20any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.0any
phpphp5.6.1any
phpphp5.6.2any
phpphp5.6.3any
phpphp5.6.4any
debiandebian_linux7.0any

References 15

  • bugs.gw.com http://bugs.gw.com/view.php?id=409
  • marc.info http://marc.info/?l=bugtraq&m=143748090628601&w=2
  • marc.info http://marc.info/?l=bugtraq&m=144050155601375&w=2
  • mx.gw.com http://mx.gw.com/pipermail/file/2014/001649.html
  • openwall.com http://openwall.com/lists/oss-security/2015/02/05/13
  • php.net http://php.net/ChangeLog-5.php
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-0760.html
  • debian.org http://www.debian.org/security/2015/dsa-3196
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  • securityfocus.com http://www.securityfocus.com/bid/72516
  • github.com https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
  • security.gentoo.org https://security.gentoo.org/glsa/201701-42
  • usn.ubuntu.com https://usn.ubuntu.com/3686-1/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.