CVE-2014-9653
file - security update
EPSS 6.8%
Description
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
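The defect class named above, as an added illustration that is not code from file(1), PHP or this advisory: pread may legitimately return fewer bytes than requested, so a header loader must loop until the count is satisfied and treat a short read at EOF as a rejection, never as a parsable header. The helper make_temp_fd and the constructed sample bytes are assumptions for the demonstration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly n bytes at offset off, looping over short reads. Returns the
 * byte count actually stored in buf (less than n only at EOF) or -1 on error. */
ssize_t pread_full(int fd, void *buf, size_t n, off_t off)
{
    size_t done = 0;
    while (done < n) {
        ssize_t r = pread(fd, (char *)buf + done, n - done, off + (off_t)done);
        if (r < 0) {
            if (errno == EINTR)
                continue;   /* interrupted, retry the same range */
            return -1;
        }
        if (r == 0)
            break;          /* EOF: caller decides whether short is fatal */
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Load a fixed-size header (such as the ELF header) at offset off. Returns 0
 * only when every byte arrived; a short read leaves the tail of hdr
 * uninitialised, so it is rejected instead of parsed. */
int read_header_checked(int fd, void *hdr, size_t len, off_t off)
{
    memset(hdr, 0, len);            /* never parse stale stack bytes */
    ssize_t got = pread_full(fd, hdr, len, off);
    return (got >= 0 && (size_t)got == len) ? 0 : -1;
}

/* Demonstration helper (assumed, not part of file(1)): put constructed bytes
 * in an unlinked temp file and return a descriptor for pread. */
int make_temp_fd(const unsigned char *data, size_t n)
{
    char path[] = "/tmp/hdrdemoXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (write(fd, data, n) != (ssize_t)n) {
        close(fd);
        return -1;
    }
    return fd;
}
```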
How to fix CVE-2014-9653
To remediate CVE-2014-9653, upgrade the affected package to one of the fixed versions listed below.
- Debian/file—upgrade to 1:5.22+15-1 or later
- Debian/file—upgrade to 5.04-5+squeeze10 or later
- —upgrade to 5.11-2+deb7u8 or later
Is CVE-2014-9653 being exploited?
Moderate — EPSS is 6.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1:5.22+15-1
- from 0, < 5.04-5+squeeze10
- from 0, < 5.11-2+deb7u8