CVE-2014-9653
Description
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.827
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Tool to determine file types (USN-3686-1) file_5.14-2ubuntu3.4_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.14-2ubuntu3.4_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.25-2ubuntu1.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.25-2ubuntu1.1_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.32-1ubuntu0.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.32-1ubuntu0.1_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.32-2ubuntu0.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) file_5.32-2ubuntu0.1_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.14-2ubuntu3.4_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.14-2ubuntu3.4_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.25-2ubuntu1.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.25-2ubuntu1.1_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.32-1ubuntu0.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.32-1ubuntu0.1_amd64.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.32-2ubuntu0.1_i386.deb | Linux |
| Tool to determine file types (USN-3686-1) libmagic1_5.32-2ubuntu0.1_amd64.deb | Linux |
| File update (ELSA-2016-0760) file-5.04-30.el6.x86_64.rpm | Linux |
| File-devel update (ELSA-2016-0760) file-devel-5.04-30.el6.x86_64.rpm | Linux |
| File-libs update (ELSA-2016-0760) file-libs-5.04-30.el6.x86_64.rpm | Linux |
| File-static update (ELSA-2016-0760) file-static-5.04-30.el6.x86_64.rpm | Linux |
| Python-magic update (ELSA-2016-0760) python-magic-5.04-30.el6.x86_64.rpm | Linux |
| File update (ELSA-2016-0760) file-5.04-30.el6.i686.rpm | Linux |
| File-devel update (ELSA-2016-0760) file-devel-5.04-30.el6.i686.rpm | Linux |
| File-libs update (ELSA-2016-0760) file-libs-5.04-30.el6.i686.rpm | Linux |
| File-static update (ELSA-2016-0760) file-static-5.04-30.el6.i686.rpm | Linux |
| Python-magic update (ELSA-2016-0760) python-magic-5.04-30.el6.i686.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234