Out-of-bounds read in file - CVE-2014-3710
Published: April 1, 2016 / Updated: November 27, 2018
Vulnerability identifier: #VU3892
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-3710
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Ian F. Darwin
Affected software:
file
file
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.
The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.
How to mitigate CVE-2014-3710
Install update from vendor's website.