CVE-2014-3710

Name: CVE-2014-3710
Description: The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-86-1, DLA-94-1, DSA-3072-1, DSA-3074-1
NVD severity: medium
Debian Bugs: 768806, 768807

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| file (PTS) | jessie | 1:5.22+15-2+deb8u4 | fixed |
| | jessie (security) | 1:5.22+15-2+deb8u7 | fixed |
| | stretch (security), stretch | 1:5.30-1+deb9u3 | fixed |
| | buster, buster (security) | 1:5.35-4+deb10u1 | fixed |
| | bullseye, sid | 1:5.38-4 | fixed |
| php5 (PTS) | jessie | 5.6.33+dfsg-0+deb8u1 | fixed |
| | jessie (security) | 5.6.40+dfsg-0+deb8u8 | fixed |

The information below is based on the following data on fixed versions.

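| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| file | source | (unstable) | 1:5.20-2 | | | 768806 |
| file | source | squeeze | 5.04-5+squeeze8 | | DLA-86-1 | |
| file | source | wheezy | 5.11-2+deb7u6 | | DSA-3072-1 | |
| php5 | source | (unstable) | 5.6.3+dfsg-1 | | | 768807 |
| php5 | source | squeeze | 5.3.3-7+squeeze23 | | DLA-94-1 | |
| php5 | source | wheezy | 5.4.35-0+deb7u1 | | DSA-3074-1 | |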

Notes

Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
https://bugs.php.net/bug.php?id=68283
http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
