Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2014-9653
HistoryMar 30, 2015 - 12:00 a.m.

CVE-2014-9653

2015-03-3000:00:00
ubuntu.com
ubuntu.com
13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON

readelf.c in file before 5.22, as used in the Fileinfo component in PHP
before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not
consider that pread calls sometimes read only a subset of the available
data, which allows remote attackers to cause a denial of service
(uninitialized memory access) or possibly have unspecified other impact via
a crafted ELF file.

Bugs

Notes

Author Note
tyhicks readelf.c not used in php5 readelf.c does not use pread() in Precise or Lucid but it looks like short read()'s are still a problem
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchfile< 1:5.14-2ubuntu3.4UNKNOWN

Related

openvas 13
debian 2
cve 1
prion 1
nessus 20
altlinux 1
securityvulns 3
debiancve 1
veracode 1
osv 1
gentoo 1
fedora 1
ubuntu 1
cloudfoundry 1
amazon 1
ibm 5
redhat 2
centos 2
oraclelinux 2
kaspersky 1
cloudlinux 1
rosalinux 1
openvas
openvas
Debian Security Advisory DSA 3196-1 (file - security update)
2015-03-18 00:00:00
Debian: Security Advisory (DLA-204-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3196-1)
2015-03-17 00:00:00
debian
debian
[SECURITY] [DLA 204-1] file security update
2015-04-19 13:06:12
[SECURITY] [DSA 3196-1] file security update
2015-03-18 17:58:15
cve
cve
CVE-2014-9653
2015-03-30 10:59:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
nessus
nessus
Debian DSA-3196-1 : file - security update
2015-03-19 00:00:00
Debian DLA-204-1 : file security update
2015-04-20 00:00:00
GLSA-201701-42 : file: Multiple vulnerabilities
2017-01-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package file version 4.26-alt13
2017-03-28 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3196-1] file security update
2015-03-18 00:00:00
libmagic / file / fileinfo / PHP security vulnerabilities
2015-03-18 00:00:00
[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
2015-09-14 00:00:00
debiancve
debiancve
CVE-2014-9653
2015-03-30 10:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:34
osv
osv
file - security update
2015-04-19 00:00:00
gentoo
gentoo
file: Multiple vulnerabilities
2017-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: file-5.22-2.fc21
2015-02-18 05:55:37
ubuntu
ubuntu
file vulnerabilities
2018-06-14 00:00:00
cloudfoundry
cloudfoundry
USN-3686-1: file vulnerabilities | Cloud Foundry
2018-06-20 00:00:00
amazon
amazon
Medium: file
2015-03-23 08:32:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2015:2155) Moderate: file security and bug fix update
2015-11-19 14:41:30
centos
centos
file, python security update
2016-05-16 10:13:44
file, python security update
2015-11-30 19:28:42
oraclelinux
oraclelinux
file security, bug fix, and enhancement update
2016-05-12 00:00:00
file security and bug fix update
2015-11-23 00:00:00
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON
Related for UB:CVE-2014-9653
openvas13debian2cve1prion1nessus20altlinux1securityvulns3debiancve1veracode1osv1gentoo1fedora1ubuntu1cloudfoundry1amazon1ibm5redhat2centos2oraclelinux2kaspersky1cloudlinux1rosalinux1