CVE-2014-9653
EPSS 6.8%file - security update
發布日:2015/3/30修改日:2026/4/28
描述
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
受影響套件(3)
- Debian/filefrom 0, < 1:5.22+15-1
- Debian/filefrom 0, < 5.04-5+squeeze10
- Debian/filefrom 0, < 5.11-2+deb7u8