CVE-2014-3670

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.

References

http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b

http://linux.oracle.com/errata/ELSA-2014-1767.html

http://linux.oracle.com/errata/ELSA-2014-1768.html

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html

http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://rhn.redhat.com/errata/RHSA-2014-1767.html

http://rhn.redhat.com/errata/RHSA-2014-1768.html

http://rhn.redhat.com/errata/RHSA-2014-1824.html

http://secunia.com/advisories/59967

http://secunia.com/advisories/60630

http://secunia.com/advisories/60699

http://secunia.com/advisories/61763

http://secunia.com/advisories/61970

http://secunia.com/advisories/61982

http://www.debian.org/security/2014/dsa-3064

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/70665

http://www.ubuntu.com/usn/USN-2391-1

https://bugs.php.net/bug.php?id=68113

https://bugzilla.redhat.com/show_bug.cgi?id=1154502

https://support.apple.com/HT204659

Details

Source: MITRE

Published: 2014-10-29

Updated: 2016-10-18

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.31:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.32:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.33 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
124997EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)NessusHuawei Local Security Checks
critical
700510Mac OS X 10.10.x < 10.10.3 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
98809PHP 5.6.x < 5.6.2 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
119958SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1)NessusSuSE Local Security Checks
high
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
82700Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)NessusMacOS X Local Security Checks
critical
82699Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)NessusMacOS X Local Security Checks
critical
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82239Debian DLA-94-1 : php5 security updateNessusDebian Local Security Checks
high
80440RHEL 6 : php (RHSA-2015:0021)NessusRed Hat Local Security Checks
high
79307SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)NessusSuSE Local Security Checks
high
79198openSUSE Security Update : php5 (openSUSE-SU-2014:1391-1)NessusSuSE Local Security Checks
high
79102openSUSE Security Update : php5 (openSUSE-SU-2014:1377-1)NessusSuSE Local Security Checks
high
79082Scientific Linux Security Update : php on SL5.x i386/x86_64 (20141106)NessusScientific Linux Local Security Checks
high
79080GLSA-201411-04 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
78909RHEL 5 : php (RHSA-2014:1824)NessusRed Hat Local Security Checks
high
78908Oracle Linux 5 : php (ELSA-2014-1824)NessusOracle Linux Local Security Checks
high
78895CentOS 5 : php (CESA-2014:1824)NessusCentOS Local Security Checks
high
78861Debian DSA-3064-1 : php5 - security updateNessusDebian Local Security Checks
high
78853Scientific Linux Security Update : php on SL6.x, SL7.x i386/x86_64 (20141030)NessusScientific Linux Local Security Checks
high
78852Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)NessusScientific Linux Local Security Checks
high
78831Slackware 14.0 / 14.1 / current : php (SSA:2014-307-03)NessusSlackware Local Security Checks
high
78783CentOS 5 : php53 (CESA-2014:1768)NessusCentOS Local Security Checks
high
78782CentOS 6 / 7 : php (CESA-2014:1767)NessusCentOS Local Security Checks
high
78778Amazon Linux AMI : php55 (ALAS-2014-435)NessusAmazon Linux Local Security Checks
high
78777Amazon Linux AMI : php54 (ALAS-2014-434)NessusAmazon Linux Local Security Checks
high
78761Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2391-1)NessusUbuntu Local Security Checks
high
78760RHEL 5 : php53 (RHSA-2014:1768)NessusRed Hat Local Security Checks
high
78759RHEL 6 / 7 : php (RHSA-2014:1767)NessusRed Hat Local Security Checks
high
78755Oracle Linux 5 : php53 (ELSA-2014-1768)NessusOracle Linux Local Security Checks
high
78754Oracle Linux 6 / 7 : php (ELSA-2014-1767)NessusOracle Linux Local Security Checks
high
78664Mandriva Linux Security Advisory : php (MDVSA-2014:202)NessusMandriva Local Security Checks
medium
8563PHP 5.4.x < 5.4.34 / 5.5.x < 5.5.18 / 5.6.x < 5.6.2 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
78547PHP 5.6.x < 5.6.2 Multiple VulnerabilitiesNessusCGI abuses
high
78546PHP 5.5.x < 5.5.18 Multiple VulnerabilitiesNessusCGI abuses
high
78545PHP 5.4.x < 5.4.34 Multiple VulnerabilitiesNessusCGI abuses
high