QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-3710

Back to search

CVE-2014-3710

Published: Nov 5, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

VendorProductVersions

n/a

n/a

affected
n/a

References

62347
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:1767
vendor-advisory
x_refsource_REDHAT
USN-2391-1
vendor-advisory
x_refsource_UBUNTU
61982
third-party-advisory
x_refsource_SECUNIA
61763
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:1766
vendor-advisory
x_refsource_REDHAT
FreeBSD-SA-14:28
vendor-advisory
x_refsource_FREEBSD
DSA-3072
vendor-advisory
x_refsource_DEBIAN
RHSA-2016:0760
vendor-advisory
x_refsource_REDHAT
USN-2494-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2015-04-08-2
vendor-advisory
x_refsource_APPLE
61970
third-party-advisory
x_refsource_SECUNIA
1031344
vdb-entry
x_refsource_SECTRACK
RHSA-2014:1765
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2014:1516
vendor-advisory
x_refsource_SUSE
RHSA-2014:1768
vendor-advisory
x_refsource_REDHAT
GLSA-201701-42
vendor-advisory
x_refsource_GENTOO
60699
third-party-advisory
x_refsource_SECUNIA
GLSA-201503-03
vendor-advisory
x_refsource_GENTOO
70807
vdb-entry
x_refsource_BID
60630
third-party-advisory
x_refsource_SECUNIA
62559
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now