PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities

Versions of PHP 5.4.x earlier than 5.4.30, or 5.5.x earlier than 5.5.14 are exposed to the following issues :

• Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions ‘cdf_read_short_sector’, ‘cdf_check_stream_offset’, ‘cdf_count_chain’ and ‘cdf_read_property_info’. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)
• A pascal string size handling error exists related to the Fileinfo extension and the function ‘mconvert’. (CVE-2014-3478)
• A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function ‘unserialize’. (CVE-2014-3515)
• An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)
• A heap-based buffer overflow error exists related to the function ‘dns_get_record’ that could allow execution of arbitrary code. (CVE-2014-4049)
• A type-confusion error exists related to the ‘php_print_info’ function which could allow disclosure of sensitive information. (CVE-2014-4721)
• An error exists related to the unserialization and ‘SplFileObject’ handling that could allow denial of service attacks. (Bug 67072)
• A double free error exists related to the ‘Intl’ extension and the method ‘Locale::parseLocale’ having an unspecified impact. (Bug 67349)
• A buffer overflow error exists related to the ‘Intl’ extension and the functions ‘locale_get_display_name’ and ‘uloc_getDisplayName’ having unspecified impact. (Bug 67397)
• An out-of-bounds read flaw affects the date_parse_from_format() function in ‘ext/date/lib/parse_date.c’ that is triggered as date parsing routines fail to check the end of strings. This may allow a remote attacker to crash an application linked against PHP or potentially disclose memory contents. (Bug 67251)
• An out-of-bounds read flaw affects the timelib_meridian_with_check() function in ‘ext/date/lib/parse_date.c’ that is triggered as string ends are not properly checked. This may allow a remote attacker to crash an application linked against PHP or potentially disclose memory contents. (Bug 67253)