#VU3892 Out-of-bounds read in file - CVE-2014-3710
Published: April 1, 2016 / Updated: November 27, 2018
Vulnerability identifier: #VU3892
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-3710
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
file
file
Software vendor:
Ian F. Darwin
Ian F. Darwin
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.
The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.
Remediation
Install update from vendor's website.