Wind River Support Network

HomeDefectsLIN6-9745
Fixed

LIN6-9745 : Security Advisory - php - CVE-2014-9653

Created: Apr 16, 2015    Updated: Dec 3, 2018
Resolved Date: May 28, 2015
Found In Version: 6.0.0.19
Fix Version: 6.0.0.21
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9653

Other Downloads


Live chat
Online