CVE-2014-3710 Information
Share on:Description
The donote function in readelf.c in file through 5.20 as used in the Fileinfo component in PHP 5.4.34 does not ensure that sufficient note headers are present which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Reference
http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2014-1767.html http://rhn.redhat.com/errata/RHSA-2014-1768.html http://rhn.redhat.com/errata/RHSA-2016-0760.html http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 http://secunia.com/advisories/62347 http://secunia.com/advisories/62559 http://www.debian.org/security/2014/dsa-3072 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/70807 http://www.securitytracker.com/id/1031344 http://www.ubuntu.com/usn/USN-2391-1 http://www.ubuntu.com/usn/USN-2494-1 https://bugs.php.net/bug.php?id=68283 https://bugzilla.redhat.com/show_bug.cgi?id=1155071 https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 https://security.gentoo.org/glsa/201503-03 https://security.gentoo.org/glsa/201701-42 https://support.apple.com/HT204659 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc