CVE-2014-3710
Summary
| CVE | CVE-2014-3710 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-11-05 11:55:06 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| openSUSE-SU-2014:1516-1: moderate: Security update for file | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc | af854a3a-2127-422b-91ae-364da2661108 | www.freebsd.org | Third Party Advisory |
| About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| Security Advisory SA61970 - Oracle Linux update for php53 - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Fix note bounds reading, Francisco Alonso / Red Hat · file/file@39c7ac1 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| PHP :: Sec Bug #68283 :: fileinfo: out-of-bounds read in elf note headers | af854a3a-2127-422b-91ae-364da2661108 | bugs.php.net | Patch, Vendor Advisory |
| Security Advisory SA60699 - Red Hat update for php - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Security Advisory SA61982 - Oracle Linux update for php - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Oracle Bulletin Board Update - January 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| USN-2494-1: file vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA62347 - Debian update for file - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory |
| linux.oracle.com \| ELSA-2014-1768 | af854a3a-2127-422b-91ae-364da2661108 | linux.oracle.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| file: Multiple vulnerabilities (GLSA 201701-42) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| USN-2391-1: php5 vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA61763 - Ubuntu update for php5 - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Security Advisory SA62559 - Debian update for php5 - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Oracle Solaris Third Party Bulletin - July 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| PHP 'donote()' Function Out-of-Bounds Read Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| PHP: Multiple vulnerabilities (GLSA 201503-03) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| Security Advisory SA60630 - Red Hat update for php53 - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Oracle Linux Bulletin - October 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| Oracle Linux Bulletin - April 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| 208.43.231.11 Git - php-src.git/commit | af854a3a-2127-422b-91ae-364da2661108 | git.php.net | |
| Debian -- Security Information -- DSA-3072-1 file | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Bug 1155071 – CVE-2014-3710 file: out-of-bounds read in elf note headers | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| linux.oracle.com \| ELSA-2014-1767 | af854a3a-2127-422b-91ae-364da2661108 | linux.oracle.com | Third Party Advisory |
| 208.43.231.11 Git - php-src.git/commit | MITRE | git.php.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710357 Gentoo Linux file Multiple Vulnerabilities (GLSA 201701-42)