Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-314
HistoryMar 24, 2014 - 11:37 p.m.

Important: php55

2014-03-2423:37:00
alas.aws.amazon.com
14

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

JSON

Issue Overview:

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Affected Packages:

php55

Issue Correction:
Run yum update php55 to update your system.

New Packages:

i686:  
    php55-intl-5.5.10-1.67.amzn1.i686  
    php55-tidy-5.5.10-1.67.amzn1.i686  
    php55-snmp-5.5.10-1.67.amzn1.i686  
    php55-common-5.5.10-1.67.amzn1.i686  
    php55-embedded-5.5.10-1.67.amzn1.i686  
    php55-imap-5.5.10-1.67.amzn1.i686  
    php55-odbc-5.5.10-1.67.amzn1.i686  
    php55-xmlrpc-5.5.10-1.67.amzn1.i686  
    php55-cli-5.5.10-1.67.amzn1.i686  
    php55-process-5.5.10-1.67.amzn1.i686  
    php55-mbstring-5.5.10-1.67.amzn1.i686  
    php55-pdo-5.5.10-1.67.amzn1.i686  
    php55-5.5.10-1.67.amzn1.i686  
    php55-devel-5.5.10-1.67.amzn1.i686  
    php55-mcrypt-5.5.10-1.67.amzn1.i686  
    php55-fpm-5.5.10-1.67.amzn1.i686  
    php55-debuginfo-5.5.10-1.67.amzn1.i686  
    php55-opcache-5.5.10-1.67.amzn1.i686  
    php55-ldap-5.5.10-1.67.amzn1.i686  
    php55-recode-5.5.10-1.67.amzn1.i686  
    php55-gd-5.5.10-1.67.amzn1.i686  
    php55-pgsql-5.5.10-1.67.amzn1.i686  
    php55-gmp-5.5.10-1.67.amzn1.i686  
    php55-bcmath-5.5.10-1.67.amzn1.i686  
    php55-pspell-5.5.10-1.67.amzn1.i686  
    php55-enchant-5.5.10-1.67.amzn1.i686  
    php55-dba-5.5.10-1.67.amzn1.i686  
    php55-xml-5.5.10-1.67.amzn1.i686  
    php55-mysqlnd-5.5.10-1.67.amzn1.i686  
    php55-mssql-5.5.10-1.67.amzn1.i686  
    php55-soap-5.5.10-1.67.amzn1.i686  
  
src:  
    php55-5.5.10-1.67.amzn1.src  
  
x86_64:  
    php55-soap-5.5.10-1.67.amzn1.x86_64  
    php55-xmlrpc-5.5.10-1.67.amzn1.x86_64  
    php55-xml-5.5.10-1.67.amzn1.x86_64  
    php55-pspell-5.5.10-1.67.amzn1.x86_64  
    php55-intl-5.5.10-1.67.amzn1.x86_64  
    php55-fpm-5.5.10-1.67.amzn1.x86_64  
    php55-snmp-5.5.10-1.67.amzn1.x86_64  
    php55-tidy-5.5.10-1.67.amzn1.x86_64  
    php55-enchant-5.5.10-1.67.amzn1.x86_64  
    php55-process-5.5.10-1.67.amzn1.x86_64  
    php55-imap-5.5.10-1.67.amzn1.x86_64  
    php55-pgsql-5.5.10-1.67.amzn1.x86_64  
    php55-devel-5.5.10-1.67.amzn1.x86_64  
    php55-ldap-5.5.10-1.67.amzn1.x86_64  
    php55-mbstring-5.5.10-1.67.amzn1.x86_64  
    php55-mysqlnd-5.5.10-1.67.amzn1.x86_64  
    php55-odbc-5.5.10-1.67.amzn1.x86_64  
    php55-bcmath-5.5.10-1.67.amzn1.x86_64  
    php55-recode-5.5.10-1.67.amzn1.x86_64  
    php55-mcrypt-5.5.10-1.67.amzn1.x86_64  
    php55-common-5.5.10-1.67.amzn1.x86_64  
    php55-pdo-5.5.10-1.67.amzn1.x86_64  
    php55-gmp-5.5.10-1.67.amzn1.x86_64  
    php55-gd-5.5.10-1.67.amzn1.x86_64  
    php55-cli-5.5.10-1.67.amzn1.x86_64  
    php55-embedded-5.5.10-1.67.amzn1.x86_64  
    php55-dba-5.5.10-1.67.amzn1.x86_64  
    php55-5.5.10-1.67.amzn1.x86_64  
    php55-debuginfo-5.5.10-1.67.amzn1.x86_64  
    php55-mssql-5.5.10-1.67.amzn1.x86_64  
    php55-opcache-5.5.10-1.67.amzn1.x86_64

Additional References

Red Hat: CVE-2013-7327, CVE-2014-1943, CVE-2014-2270

Mitre: CVE-2013-7327, CVE-2014-1943, CVE-2014-2270

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686php55-intl< 5.5.10-1.67.amzn1php55-intl-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-tidy< 5.5.10-1.67.amzn1php55-tidy-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-snmp< 5.5.10-1.67.amzn1php55-snmp-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-common< 5.5.10-1.67.amzn1php55-common-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-embedded< 5.5.10-1.67.amzn1php55-embedded-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-imap< 5.5.10-1.67.amzn1php55-imap-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-odbc< 5.5.10-1.67.amzn1php55-odbc-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-xmlrpc< 5.5.10-1.67.amzn1php55-xmlrpc-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-cli< 5.5.10-1.67.amzn1php55-cli-5.5.10-1.67.amzn1.i686.rpm
Amazon Linux1i686php55-process< 5.5.10-1.67.amzn1php55-process-5.5.10-1.67.amzn1.i686.rpm
Rows per page:
1-10 of 621

Related

nessus 49
openvas 54
securityvulns 9
cve 6
prion 6
ubuntucve 6
ubuntu 4
fedora 10
f5 6
mageia 4
amazon 2
freebsd 3
freebsd_advisory 1
seebug 3
hackerone 1
osv 6
veracode 5
checkpoint_advisories 2
debian 8
gentoo 3
debiancve 2
slackware 1
redhat 3
oraclelinux 2
centos 2
rosalinux 1
nessus
nessus
Amazon Linux AMI : php55 (ALAS-2014-314)
2014-03-28 00:00:00
PHP 5.5.x < 5.5.10 Multiple Vulnerabilities
2014-03-10 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2014:059)
2014-03-17 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-314)
2015-09-08 00:00:00
Ubuntu Update for php5 USN-2126-1
2014-03-04 00:00:00
Ubuntu: Security Advisory (USN-2126-1)
2014-03-04 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:059 ] php
2014-03-18 00:00:00
PHP multiple security vulnerabilities
2014-03-18 00:00:00
USN-2126-1] PHP vulnerabilities
2014-03-13 00:00:00
cve
cve
CVE-2013-7327
2014-02-18 11:55:00
CVE-2013-7226
2014-02-18 11:55:00
CVE-2014-2270
2014-03-14 15:55:00
prion
prion
Null pointer dereference
2014-02-18 11:55:00
Integer overflow
2014-02-18 11:55:00
Out-of-bounds
2014-03-14 15:55:00
ubuntucve
ubuntucve
CVE-2013-7327
2014-02-18 00:00:00
CVE-2013-7226
2014-02-18 00:00:00
CVE-2014-2270
2014-03-14 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2014-03-03 00:00:00
file vulnerability
2014-04-07 00:00:00
PHP vulnerability
2014-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: file-5.11-13.fc19
2014-03-27 04:47:52
[SECURITY] Fedora 20 Update: file-5.14-17.fc20
2014-03-12 12:31:06
[SECURITY] Fedora 20 Update: php-5.5.10-1.fc20
2014-03-09 04:40:51
f5
f5
K15689 : Fine Free file vulnerabilites CVE-2014-1943 and CVE-2014-2270
2014-10-09 00:00:00
SOL15689 - Fine Free file vulnerabilites CVE-2014-1943 and CVE-2014-2270
2014-10-09 00:00:00
SOL15653 - Multiple PHP vulnerabilities
2014-10-02 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2014-04-04 21:33:24
Updated php packages fix security vulnerabilities
2014-04-04 16:08:18
Updated file package fixes security vulnerability
2014-02-22 23:10:59
amazon
amazon
Medium: php54
2014-03-24 23:37:00
Medium: file
2014-03-13 18:12:00
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
file -- out-of-bounds access in search rules with offsets from input file
2013-12-20 00:00:00
file -- denial of service
2014-02-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
seebug
seebug
PHP 'ext/gd/gd.c' gdImageCrop空指针返回拒绝服务漏洞
2014-02-20 00:00:00
PHP Fileinfo组件越界内存破坏漏洞
2014-03-12 00:00:00
PHP 'ext/gd/gd.c'信息泄漏漏洞
2014-02-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: PHP Heap Overflow Vulnerability in imagecrop()
2013-12-27 02:57:00
osv
osv
file - several
2014-03-11 00:00:00
file - denial of service
2014-02-16 00:00:00
php5 - denial of service
2014-03-02 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Out-of-Bounds Access
2018-08-13 18:00:16
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
checkpoint_advisories
checkpoint_advisories
PHP Libmagic Portable Executable Out-Of-Bounds Memory Access (CVE-2014-2270)
2014-05-18 00:00:00
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
2014-05-18 00:00:00
debian
debian
[SECURITY] [DSA 2868-1] php5 security update
2014-03-02 19:18:49
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:09:45
[SECURITY] [DSA 2873-1] file security update
2014-03-11 21:09:54
gentoo
gentoo
file: Denial of service
2014-03-13 00:00:00
file: Denial of service
2015-03-16 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
debiancve
debiancve
CVE-2014-1943
2014-02-18 19:55:00
CVE-2014-2270
2014-03-14 15:55:00
slackware
slackware
[slackware-security] php
2014-03-16 03:31:21
redhat
redhat
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
oraclelinux
oraclelinux
file security and bug fix update
2014-10-15 00:00:00
php53 and php security update
2014-08-06 00:00:00
centos
centos
file, python security update
2014-10-20 18:08:44
php, php53 security update
2014-08-06 14:53:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

JSON
Related for ALAS-2014-314
nessus49openvas54securityvulns9cve6prion6ubuntucve6ubuntu4fedora10f56mageia4amazon2freebsd3freebsd_advisory1seebug3hackerone1osv6veracode5checkpoint_advisories2debian8gentoo3debiancve2slackware1redhat3oraclelinux2centos2rosalinux1