

PHP memory corruption
updated since 27.10.2014
Published: 03.11.2014
Source:
SecurityVulns ID: 14056
Type: library
Threat Level: 6/10
Description: exif_thumbnail() memory corruption on JPEG parsing. XMLRPC buffer overflow. object_custom() function integer overflow.
Affected: PHP : PHP 5.5
CVE: CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.)
 CVE-2014-3669 (Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.)
 CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.)
Original document: UBUNTU, [USN-2391-1] php5 vulnerabilities (03.11.2014)
 MANDRIVA, [ MDVSA-2014:202 ] php (27.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod