| Name | CVE-2014-3710 |
| Description | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-86-1, DLA-94-1, DSA-3072-1, DSA-3074-1 |
| Debian Bugs | 768806, 768807 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| file (PTS) | jessie, jessie (lts) | 1:5.22+15-2+deb8u7 | fixed |
| stretch (security), stretch (lts), stretch | 1:5.30-1+deb9u3 | fixed | |
| buster | 1:5.35-4+deb10u2 | fixed | |
| buster (security), buster (lts) | 1:5.35-4+deb10u1 | fixed | |
| bullseye (security), bullseye | 1:5.39-3+deb11u1 | fixed | |
| bookworm | 1:5.44-3 | fixed | |
| sid, trixie | 1:5.45-3 | fixed | |
| php5 (PTS) | jessie, jessie (lts) | 5.6.40+dfsg-0+deb8u21 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| file | source | squeeze | 5.04-5+squeeze8 | DLA-86-1 | ||
| file | source | wheezy | 5.11-2+deb7u6 | DSA-3072-1 | ||
| file | source | (unstable) | 1:5.20-2 | 768806 | ||
| php5 | source | squeeze | 5.3.3-7+squeeze23 | DLA-94-1 | ||
| php5 | source | wheezy | 5.4.35-0+deb7u1 | DSA-3074-1 | ||
| php5 | source | (unstable) | 5.6.3+dfsg-1 | 768807 |
Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
https://bugs.php.net/bug.php?id=68283
https://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)