Debian: DSA-2974-1 High Severity: Multiple PHP Boundary Issues
debian
July 8, 2014
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development
Topics Covered
Summary
CVE-2014-0207
Francisco Alonso of the Red Hat Security Response Team reported an
incorrect boundary check in the cdf_read_short_sector() function.
CVE-2014-3478
Francisco Alonso of the Red Hat Security Response Team discovered a
flaw in the way the truncated pascal string size in the mconvert()
function is computed.
CVE-2014-3479
Francisco Alonso of the Red Hat Security Response Team reported an
incorrect boundary check in the cdf_check_stream_offset() function.
CVE-2014-3480
Francisco Alonso of the Red Hat Security Response Team reported an
insufficient boundary check in the cdf_count_chain() function.
CVE-2014-3487
Francisco Alonso of the Red Hat Security Response Team discovered an
incorrect boundary check in the cdf_read_property_info() funtion.
CVE-2014-3515
Stefan Esser discovered that the ArrayObject and the
SPLObjectStorage unserialize() handler do not verify the type of
unserialized data before using it. A remote attacker could use this
...
PREVIOUS
NEXT
Package: php5
CVE ID: CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!