CVSS: 7.5EPSS: 81%CPEs: 5EXPL: 0CVE-2014-3515 – php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
https://notcve.org/view.php?id=CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. El componente SPL en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14 anticipa incorrectamente que ciertas estructuras de datos tendrán el tipo de datos array después de deserialización, lo que permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada que provoca el uso de un destructor Hashtable, relacionado con problemas de 'confusión de tipos' en (1) ArrayObject y (2) SPLObjectStorage. A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/suppor • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.0EPSS: 15%CPEs: 79EXPL: 1CVE-2014-3478 – file: mconvert incorrect handling of truncated pascal string size
https://notcve.org/view.php?id=CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. Desbordamiento de buffer en la función mconvert en softmagic.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una cadena Pascal manipulada en una conversión FILE_PSTRING. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://mx.gw.com/pipermail/file/2014/001553.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://su • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3981
https://notcve.org/view.php?id=CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. acinclude.m4, utilizado en la secuencia de comandos de configuración en PHP 5.5.13 y anteriores, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/phpglibccheck. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://openwall.com/lists/oss-security/2014/06/06/12 http://seclists.org/fulldisclosure/2014/Jun/21 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.oracl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0237 – file: cdf_unpack_summary_info() excessive looping DoS
https://notcve.org/view.php?id=CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. La función cdf_unpack_summary_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) mediante la provocación de muchas llamadas file_printf. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.0EPSS: 10%CPEs: 5EXPL: 0CVE-2014-0238 – file: CDF property info parsing nelements infinite loop
https://notcve.org/view.php?id=CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. La función cdf_read_property_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (bucle infinito o acceso a memoria fuera de rango) a través de un vector que (1) tiene longitud cero o (2) es demasiado largo. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •