Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-9653
HistoryMar 30, 2015 - 10:59 a.m.

CVE-2014-9653

2015-03-3010:59:03
CWE-20
[email protected]
web.nvd.nist.gov
149
cve-2014-9653
nvd
file
php
elf
security
vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Affected configurations

NVD
Node
file_projectfileRange5.21
Node
phpphpRange5.4.36
OR
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.15
OR
phpphpMatch5.5.16
OR
phpphpMatch5.5.17
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.5.20
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
Node
debiandebian_linuxMatch7.0

Related

securityvulns 3
cvelist 1
ubuntucve 1
debiancve 1
altlinux 1
openvas 13
debian 2
nvd 1
nessus 21
prion 1
osv 1
veracode 1
gentoo 1
cloudfoundry 1
ubuntu 1
fedora 1
amazon 1
ibm 5
centos 2
redhat 2
oraclelinux 2
kaspersky 1
cloudlinux 1
rosalinux 1
securityvulns
securityvulns
[SECURITY] [DSA 3196-1] file security update
2015-03-18 00:00:00
libmagic / file / fileinfo / PHP security vulnerabilities
2015-03-18 00:00:00
[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
2015-09-14 00:00:00
cvelist
cvelist
CVE-2014-9653
2015-03-30 10:00:00
ubuntucve
ubuntucve
CVE-2014-9653
2015-03-30 00:00:00
debiancve
debiancve
CVE-2014-9653
2015-03-30 10:59:03
altlinux
altlinux
Security fix for the ALT Linux 8 package file version 4.26-alt13
2017-03-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 3196-1 (file - security update)
2015-03-18 00:00:00
Debian: Security Advisory (DLA-204-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3196-1)
2015-03-17 00:00:00
debian
debian
[SECURITY] [DLA 204-1] file security update
2015-04-19 13:06:12
[SECURITY] [DSA 3196-1] file security update
2015-03-18 17:58:15
nvd
nvd
CVE-2014-9653
2015-03-30 10:59:03
nessus
nessus
Debian DSA-3196-1 : file - security update
2015-03-19 00:00:00
Debian DLA-204-1 : file security update
2015-04-20 00:00:00
GLSA-201701-42 : file: Multiple vulnerabilities
2017-01-18 00:00:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
osv
osv
file - security update
2015-04-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:34
gentoo
gentoo
file: Multiple vulnerabilities
2017-01-17 00:00:00
cloudfoundry
cloudfoundry
USN-3686-1: file vulnerabilities | Cloud Foundry
2018-06-20 00:00:00
ubuntu
ubuntu
file vulnerabilities
2018-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: file-5.22-2.fc21
2015-02-18 05:55:37
amazon
amazon
Medium: file
2015-03-23 08:32:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
centos
centos
file, python security update
2016-05-16 10:13:44
file, python security update
2015-11-30 19:28:42
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2015:2155) Moderate: file security and bug fix update
2015-11-19 14:41:30
oraclelinux
oraclelinux
file security, bug fix, and enhancement update
2016-05-12 00:00:00
file security and bug fix update
2015-11-23 00:00:00
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON
Related for CVE-2014-9653
securityvulns3cvelist1ubuntucve1debiancve1altlinux1openvas13debian2nvd1nessus21prion1osv1veracode1gentoo1cloudfoundry1ubuntu1fedora1amazon1ibm5centos2redhat2oraclelinux2kaspersky1cloudlinux1rosalinux1