Main Vulnerability Database Vulnerabilities #VU110274

NULL pointer dereference in PHP - CVE-2014-0236

Published: February 13, 2023 / Updated: June 8, 2025

Vulnerability identifier: #VU110274

CSH Severity: Medium

CVSSv4.0:

CVE-ID: CVE-2014-0236

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

Remediation

Install update from vendor's website.

External links

http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67329
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f3f22ff5c697aef854ffc1918bce708b37481b0f

NULL pointer dereference in PHP - CVE-2014-0236

Description

Remediation

External links

Please verify you're human