Unrated severityNVD Advisory· Published Nov 5, 2014· Updated May 6, 2026

CVE-2014-3710

Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.4.0,<5.4.35
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.php.net/bug.phpnvdPatchVendor Advisory
github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0nvdPatchThird Party Advisory
linux.oracle.com/errata/ELSA-2014-1767.htmlnvdThird Party Advisory
linux.oracle.com/errata/ELSA-2014-1768.htmlnvdThird Party Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2014-11/msg00113.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1767.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1768.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0760.htmlnvdThird Party Advisory
secunia.com/advisories/60630nvdThird Party Advisory
secunia.com/advisories/60699nvdThird Party Advisory
secunia.com/advisories/61763nvdThird Party Advisory
secunia.com/advisories/61970nvdThird Party Advisory
secunia.com/advisories/61982nvdThird Party Advisory
secunia.com/advisories/62347nvdThird Party Advisory
secunia.com/advisories/62559nvdThird Party Advisory
www.debian.org/security/2014/dsa-3072nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvdThird Party Advisory
www.securityfocus.com/bid/70807nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1031344nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2391-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2494-1nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
security.gentoo.org/glsa/201503-03nvdThird Party Advisory
security.gentoo.org/glsa/201701-42nvdThird Party Advisory
support.apple.com/HT204659nvdThird Party Advisory
www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.ascnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000