CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

• CWE-20

• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
• http://linux.oracle.com/errata/ELSA-2014-1767.htmlThird Party Advisory
• http://linux.oracle.com/errata/ELSA-2014-1768.htmlThird Party Advisory
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.htmlMailing List, Third Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1766.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1767.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1768.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0760.htmlThird Party Advisory
• http://secunia.com/advisories/60630Third Party Advisory
• http://secunia.com/advisories/60699Third Party Advisory
• http://secunia.com/advisories/61763Third Party Advisory
• http://secunia.com/advisories/61970Third Party Advisory
• http://secunia.com/advisories/61982Third Party Advisory
• http://secunia.com/advisories/62347Third Party Advisory
• http://secunia.com/advisories/62559Third Party Advisory
• http://www.debian.org/security/2014/dsa-3072Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
• http://www.securityfocus.com/bid/70807Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1031344Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-2391-1Third Party Advisory
• http://www.ubuntu.com/usn/USN-2494-1Third Party Advisory
• https://bugs.php.net/bug.php?id=68283Patch, Vendor Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=1155071Issue Tracking, Third Party Advisory
• https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0Patch, Third Party Advisory
• https://security.gentoo.org/glsa/201503-03Third Party Advisory
• https://security.gentoo.org/glsa/201701-42Third Party Advisory
• https://support.apple.com/HT204659Third Party Advisory
• https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.ascThird Party Advisory
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
• http://linux.oracle.com/errata/ELSA-2014-1767.htmlThird Party Advisory
• http://linux.oracle.com/errata/ELSA-2014-1768.htmlThird Party Advisory
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.htmlMailing List, Third Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1766.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1767.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2014-1768.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0760.htmlThird Party Advisory
• http://secunia.com/advisories/60630Third Party Advisory
• http://secunia.com/advisories/60699Third Party Advisory
• http://secunia.com/advisories/61763Third Party Advisory
• http://secunia.com/advisories/61970Third Party Advisory
• http://secunia.com/advisories/61982Third Party Advisory
• http://secunia.com/advisories/62347Third Party Advisory
• http://secunia.com/advisories/62559Third Party Advisory
• http://www.debian.org/security/2014/dsa-3072Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
• http://www.securityfocus.com/bid/70807Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1031344Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-2391-1Third Party Advisory
• http://www.ubuntu.com/usn/USN-2494-1Third Party Advisory
• https://bugs.php.net/bug.php?id=68283Patch, Vendor Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=1155071Issue Tracking, Third Party Advisory
• https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0Patch, Third Party Advisory
• https://security.gentoo.org/glsa/201503-03Third Party Advisory
• https://security.gentoo.org/glsa/201701-42Third Party Advisory
• https://support.apple.com/HT204659Third Party Advisory
• https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.ascThird Party Advisory

Published

Nov 5, 2014

Last Modified

Jun 17, 2026

Status

Modified