CVE-2014-3710

Name: CVE-2014-3710
Description: The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-86-1, DLA-94-1, DSA-3072-1, DSA-3074-1
NVD severity: medium (attack range: remote)
Debian Bugs: 768806, 768807

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| file (PTS) | wheezy | 5.11-2+deb7u8 | fixed |
| file | wheezy (security) | 5.11-2+deb7u9 | fixed |
| file | jessie | 1:5.22+15-2+deb8u3 | fixed |
| file | stretch (security), stretch | 1:5.30-1+deb9u1 | fixed |
| file | buster, sid | 1:5.32-1 | fixed |
| php5 (PTS) | wheezy | 5.4.45-0+deb7u2 | fixed |
| php5 | wheezy (security) | 5.4.45-0+deb7u11 | fixed |
| php5 | jessie (security), jessie | 5.6.30+dfsg-0+deb8u1 | fixed |

The information below is based on the following data on fixed versions.

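| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| file | source | (unstable) | 1:5.20-2 | medium | | 768806 |
| file | source | squeeze | 5.04-5+squeeze8 | medium | DLA-86-1 | |
| file | source | wheezy | 5.11-2+deb7u6 | medium | DSA-3072-1 | |
| php5 | source | (unstable) | 5.6.3+dfsg-1 | medium | | 768807 |
| php5 | source | squeeze | 5.3.3-7+squeeze23 | medium | DLA-94-1 | |
| php5 | source | wheezy | 5.4.35-0+deb7u1 | medium | DSA-3074-1 | |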

Notes

Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
https://bugs.php.net/bug.php?id=68283
http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
