VDB
GCVE-110-MAGEIA-2014-324
GCVE-110-MAGEIA-2014-324
Advisory Published
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in
PHP through 5.5.14 allows context-dependent attackers to cause a denial of
service or possibly have unspecified other impact via crafted ArrayIterator
usage within applications in certain web-hosting environments (CVE-2014-4698).
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in
PHP through 5.5.14 allows context-dependent attackers to cause a denial of
service or possibly have unspecified other impact via crafted iterator usage
within applications in certain web-hosting environments (CVE-2014-4670).
file before 5.19 does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file that triggers backtracking during
processing of an awk rule, due to an incomplete fix for CVE-2013-7345
(CVE-2014-3538).
The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for
Mageia 4, and additional patches have been added to fix these issues and
several other bugs.
Also, php-apc has been rebuilt against the updated PHP versions and the
php-timezonedb package has been updated to the latest version, 2014.5.
Additionally, the jsonc extension has been upgraded to the 1.3.6
version.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-apc | 3.1.14-7.11.mga3 (unaffected), 0 (affected) | — |
| Mageia | php-timezonedb | 0 (affected), 2014.5-1.mga3 (unaffected) | — |
| Mageia | php-timezonedb | 0 (affected), 2014.5-1.mga4 (unaffected) | — |
| Mageia | php | 0 (affected), 5.5.15-1.1.mga4 (unaffected) | — |
| Mageia | php-gd-bundled | 0 (affected), 5.4.31-1.mga3 (unaffected) | — |
| Mageia | php | 0 (affected), 5.4.31-1.2.mga3 (unaffected) | — |
| Mageia | php-apc | 0 (affected), 3.1.15-4.6.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.