CVE-2014-9653 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-9653?

CVE-2014-9653 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-9653?

Check the references section above for vendor advisories and patch information. Affected products include: File Project File, Php Php, Debian Debian Linux.

Vulnerability Description

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
File Project	File	<= 5.21
Php	Php	<= 5.4.36
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2014-9653?

CVE-2014-9653 is a vulnerability with a CVSS score of 7.5 (HIGH). readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of t...

How severe is CVE-2014-9653?

CVE-2014-9653 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9653?

Check the references section above for vendor advisories and patch information. Affected products include: File Project File, Php Php, Debian Debian Linux.