CVE-2014-9653 – file: malformed elf file causes access to uninitialized memory
https://notcve.org/view.php?id=CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. readelf.c en file anterior a 5.22, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no considera que las llamadas a pread a veces leen solamente un subjuego de los datos disponibles, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria no inicializada) o posiblemente tener otro impacto a través de un fichero ELF manipulado. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory. • http://bugs.gw.com/view.php?id=409 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://mx.gw.com/pipermail/file/2014/001649.html http://openwall.com/lists/oss-security/2015/02/05/13 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.debian.org/security/2015/dsa-3196 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2014-9705 – php: heap buffer overflow in enchant_broker_request_dict()
https://notcve.org/view.php?id=CVE-2014-9705
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. Desbordamiento de buffer basado en memoria dinámica en la función enchant_broker_request_dict en ext/enchant/enchant.c en PHP anterior a 5.4.38, 5.5.x anterior a 5.5.22, y 5.6.x anterior a 5.6.6 permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan la creación de múltiples diccionarios. A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/03/15/6 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-0273 – PHP DateTime - Use-After-Free
https://notcve.org/view.php?id=CVE-2015-0273
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. Múltiples vulnerabilidades de uso después de liberación en ext/date/php_date.c en PHP anterior a 5.4.38, 5.5.x anterior a 5.5.22, y 5.6.x anterior a 5.6.6 permiten a atacantes remotos ejecutar código arbitrario a través de entradas serializadas manipuladas que contienen un especificador de tipo (1) R o (2) r en (a) datos de DateTimeZone manejados por la función php_date_timezone_initialize_from_hash o (b) datos de DateTime manejados por la función php_date_initialize_from_hash. A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime. • https://www.exploit-db.com/exploits/36158 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=71335e6ebabc1b12c057d8017fd811892ecdfd24 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http& • CWE-416: Use After Free •
CVE-2015-1351 – php: use after free in opcache extension
https://notcve.org/view.php?id=CVE-2015-1351
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/to • CWE-416: Use After Free •
CVE-2014-9652 – file: out of bounds read in mconvert()
https://notcve.org/view.php?id=CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no maneja correctamente cierto campo de longitud de cadenas durante una copia de una versión trucada de una cadena Pascal, lo que podría permitir a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero manipulado. An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file. • http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •