Vulnerability DatabaseCVE-2014-3710
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-3710
Published:November 05, 2014
Updated:May 17, 2026
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Related Resources (36)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugs.php.net/bug.php?id=68283
http://www.ubuntu.com/usn/USN-2391-1
http://www.ubuntu.com/usn/USN-2494-1
http://rhn.redhat.com/errata/RHSA-2014-1767.html
http://linux.oracle.com/errata/ELSA-2014-1768.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3710
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/60630
http://www.securitytracker.com/id/1031344
http://www.debian.org/security/2014/dsa-3072
http://secunia.com/advisories/62559
http://secunia.com/advisories/62347
http://secunia.com/advisories/61763
https://security.gentoo.org/glsa/201503-03
https://support.apple.com/HT204659
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://secunia.com/advisories/60699
http://secunia.com/advisories/61970
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://rhn.redhat.com/errata/RHSA-2014-1768.html
http://www.securityfocus.com/bid/70807
https://security.gentoo.org/glsa/201701-42
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
http://secunia.com/advisories/61982
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://access.redhat.com/security/cve/CVE-2014-3710
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
https://security-tracker.debian.org/tracker/CVE-2014-3710
http://linux.oracle.com/errata/ELSA-2014-1767.html
Do you need more information?
Contact Us
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
8.08