{"id":"CVE-2014-9653","details":"readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.","modified":"2026-01-27T04:13:34.478992Z","published":"2015-03-30T10:59:03Z","withdrawn":"2026-01-27T04:13:34.478992Z","related":["SUSE-SU-2017:3048-1"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0760.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3196"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-42"},{"type":"FIX","url":"https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f"},{"type":"WEB","url":"http://bugs.gw.com/view.php?id=409"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=143748090628601&w=2"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=144050155601375&w=2"},{"type":"WEB","url":"http://mx.gw.com/pipermail/file/2014/001649.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/02/05/13"},{"type":"WEB","url":"http://php.net/ChangeLog-5.php"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/72516"},{"type":"WEB","url":"https://usn.ubuntu.com/3686-1/"}],"schema_version":"1.7.3"}