CVSS: 7.5EPSS: 86%CPEs: 46EXPL: 1CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. Vulnerabilidad de uso después de liberación en la función process_nested_data en core/dom/ProcessingInstruction.cpp en ext/standard/var_unserializer.re en PHP anterior a 5.4.36, 5.5.x anterior a 5.5.20, y 5.6.x anterior a 5.6.4, permite a atacantes remotos ejecutar código arbitrario mediante una petición manipulada no serializada que aprovecha un tratamiento incorrecto de las claves duplicadas sin sin las propiedades serializadas de un objeto, una vulnerabilidad diferente de CVE-2004-1019. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=630f9c33c23639de85c3fd306b209b538b73b4c9 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.re • CWE-416: Use After Free •
CVSS: 5.0EPSS: 6%CPEs: 9EXPL: 0CVE-2014-3710 – file: out-of-bounds read in elf note headers
https://notcve.org/view.php?id=CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función donote en readelf.c en file hasta 5.20, utilizado en el componente Fileinfo en PHP 5.4.34, no asegura que suficientes cabeceras de notas están presentes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un fichero ELF manipulado. An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2014-1767.html http: • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 11%CPEs: 70EXPL: 1CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Desbordamiento de buffer en la función date_from_ISO8601 en la implementación mkgmtime en libxmlrpc/xmlrpc.c en la extensión XMLRPC en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de (1) un primer argumento manipulado en la función xmlrpc_set_type o (2) un argumento manipulado en la función xmlrpc_decode, relacionado con una operación de lectura fuera de rango. An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 93%CPEs: 70EXPL: 1CVE-2014-3669 – php: integer overflow in unserialize()
https://notcve.org/view.php?id=CVE-2014-3669
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. Desbordamiento de enteros en la función object_custom en ext/standard/var_unserializer.c en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un argumento en la función unserialize que provoca el calculo de un valor grande de longitud. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159 http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 26%CPEs: 70EXPL: 1CVE-2014-3670 – php: heap corruption issue in exif_thumbnail()
https://notcve.org/view.php?id=CVE-2014-3670
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. La función exif_ifd_make_value en exif.c en la extensión EXIF en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 opera sobre arrays de punto flotante incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica y caída de aplicación) o posiblemente ejecutar código arbitrario a través de un imagen JPEG manipulado con datos 'thumbnail' TIFF que son manejados indebidamente por la función exif_thumbnail. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •