RHSA-2014:1765High

Red Hat Security Advisory: php54-php security update

Published
October 30, 2014
Last Modified
June 27, 2026

🔗 CVE IDs covered (25)

📋 Description

CVE-2013-6712 — php: heap-based buffer over-read in DateInterval CVE-2013-7345 — file: extensive backtracking in awk rule regular expression CVE-2014-0207 — file: cdf_read_short_sector insufficient boundary check CVE-2014-0237 — file: cdf_unpack_summary_info() excessive looping DoS CVE-2014-0238 — file: CDF property info parsing nelements infinite loop CVE-2014-1943 — file: unrestricted recursion in handling of indirect type rules CVE-2014-2270 — file: out-of-bounds access in search rules with offsets from input file CVE-2014-2497 — gd: NULL pointer dereference in gdImageCreateFromXpm() CVE-2014-3478 — file: mconvert incorrect handling of truncated pascal string size CVE-2014-3479 — file: cdf_check_stream_offset insufficient boundary check CVE-2014-3480 — file: cdf_count_chain insufficient boundary check CVE-2014-3487 — file: cdf_read_property_info insufficient boundary check CVE-2014-3515 — php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw CVE-2014-3538 — file: unrestricted regular expression matching CVE-2014-3587 — file: incomplete fix for CVE-2012-1571 in cdf_read_property_info CVE-2014-3597 — php: multiple buffer over-reads in php_parserr CVE-2014-3668 — php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() CVE-2014-3669 — php: integer overflow in unserialize() CVE-2014-3670 — php: heap corruption issue in exif_thumbnail() CVE-2014-3710 — file: out-of-bounds read in elf note headers CVE-2014-4049 — php: heap-based buffer overflow in DNS TXT record parsing CVE-2014-4670 — php: SPL Iterators use-after-free CVE-2014-4698 — php: ArrayIterator use-after-free due to object change during sorting CVE-2014-4721 — php: type confusion issue in phpinfo() leading to information leak CVE-2014-5120 — php: gd extension NUL byte injection in file names

🔗 References (28)