CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS
Percentile: 99.2%

Versions earlier than 5.6.2, 5.5.18, and 5.4.34 are exposed to the following issues:
An array indexing flaw in the ‘date_from_ISO8601()’ function in ext/xmlrpc/libxmlrpc/xmlrpc.c could be used to disclose memory content (CVE-2014-3668)
A memory corruption vulnerability when processing thumbnails in the ‘exif_ifd_make_value()’ function of ext/exif/exif.c could potentially crash the system or be a vector for remote code execution (CVE-2014-3670)
An integer overflow condition in the ‘object_custom()’ function in ext/standard/var_unserializer.re can cause a crash (CVE-2014-3669)
Memory content disclosure in ext/curl/interface.c when handling NULL bytes (‘\0’) in cURL options.
Binary data 8563.prm