PT-2015-1245 · Php+6

Alexander Cherepanov · Published 2015-03-18 · Updated 2023-05-26 · CVE-2014-9653

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

file versions prior to 5.22
PHP versions prior to 5.4.37
PHP versions 5.5.x prior to 5.5.21
PHP versions 5.6.x prior to 5.6.5

Description

The issue is in the readelf.c module of the file component, as used in the Fileinfo component of PHP. The code does not handle a pread call that reads only part of the available data. A remote attacker can exploit this with a specially crafted ELF file to cause a denial of service through access to uninitialized memory, or possibly to have other unspecified impact.

Recommendations

For file versions prior to 5.22, update to version 5.22 or later.
For PHP versions prior to 5.4.37, update to version 5.4.37 or later.
For PHP versions 5.5.x prior to 5.5.21, update to version 5.5.21 or later.
For PHP versions 5.6.x prior to 5.6.5, update to version 5.6.5 or later.
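
The short-read condition named in the Description, as an added illustration that is not code from file or PHP: a pread that returns fewer bytes than requested leaves the tail of the destination buffer untouched, so a caller must compare the return value with the full record size. The record layout, function names and sample file are hypothetical and constructed for this example.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical 16-byte on-disk record; not a real ELF structure. */
struct rec { uint32_t type, offset, size, flags; };

/* Weak pattern: only a hard error (-1) is rejected; a short read passes. */
static int read_rec_weak(int fd, off_t off, struct rec *r) {
    return pread(fd, r, sizeof(*r), off) == -1 ? -1 : 0;
}

/* Hardened pattern: anything shorter than the full record is rejected. */
static int read_rec_strict(int fd, off_t off, struct rec *r) {
    return pread(fd, r, sizeof(*r), off) == (ssize_t)sizeof(*r) ? 0 : -1;
}

/* Constructed sample: an unlinked temp file holding `len` bytes of 0x01. */
static int make_sample(size_t len) {
    char path[] = "/tmp/shortreadXXXXXX";
    unsigned char buf[64];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    memset(buf, 0x01, sizeof(buf));
    if (len > sizeof(buf) || write(fd, buf, len) != (ssize_t)len) { close(fd); return -1; }
    return fd;
}

/* `flags` as seen after a weak read of a truncated file. The 0xAA fill
   stands in for whatever stale data the buffer held before the call. */
static uint32_t stale_flags_after_weak_read(void) {
    struct rec r;
    int fd = make_sample(10);            /* only 10 of 16 bytes exist */
    memset(&r, 0xAA, sizeof(r));
    if (fd < 0 || read_rec_weak(fd, 0, &r) != 0) return 0;
    close(fd);
    return r.flags;                      /* bytes 12..15 were never written */
}

int main(void) {
    struct rec r;
    printf("weak: flags=0x%08x strict: %d\n", (unsigned)stale_flags_after_weak_read(),
           read_rec_strict(make_sample(10), 0, &r));
    return 0;
}
```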

Fix

DoS

RCE


Weakness Enumeration

Related identifiers

ALT-PU-2017-1329
ALT-PU-2021-2505
ALT-PU-2023-1892
BDU:2015-10226
CESA-2015_2155
CESA-2016_0760
CVE-2014-9653
DLA-204-1
DSA-3196-1
RHSA-2015:2155
RHSA-2015_2155
RHSA-2016:0760
RHSA-2016_0760
SUSE-SU-2017:3048-1
USN-3686-1

Affected products

Alt Linux
Centos
Php
Red Hat
Suse
Ubuntu
File