CVE-2014-3538

EPSS 33.0%

php5 - security update

Published: 7/3/2014Modified: 4/28/2026

Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Affected packages (4)

Debian/filefrom 0, < 1:5.19-1
Debian/filefrom 0, < 5.04-5+squeeze7
Debian/php5from 0, < 5.3.3-7+squeeze22
Debian/php5from 0, < 5.4.4-14+deb7u13

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3538