VDB

GCVE-110-MAGEIA-2014-324

GCVE-110-MAGEIA-2014-324
Advisory Published
Vulnetix · Advisory published August 8, 2014
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698). Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs. Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5. Additionally, the jsonc extension has been upgraded to the 1.3.6 version.

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-apc3.1.14-7.11.mga3 (unaffected), 0 (affected)
Mageiaphp-timezonedb0 (affected), 2014.5-1.mga3 (unaffected)
Mageiaphp-timezonedb0 (affected), 2014.5-1.mga4 (unaffected)
Mageiaphp0 (affected), 5.5.15-1.1.mga4 (unaffected)
Mageiaphp-gd-bundled0 (affected), 5.4.31-1.mga3 (unaffected)
Mageiaphp0 (affected), 5.4.31-1.2.mga3 (unaffected)
Mageiaphp-apc0 (affected), 3.1.15-4.6.mga4 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›