VDB
GCVE-110-MAGEIA-2014-367
GCVE-110-MAGEIA-2014-367
Advisory Published
Updated php packages fix security vulnerabilities:
Integer overflow in the cdf_read_property_info function in cdf.c
in file through 5.19, as used in the Fileinfo component in PHP
before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to
cause a denial of service (application crash) via a crafted CDF
file. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2012-1571 (CVE-2014-3587).
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted DNS record, related
to the dns_get_record function and the dn_expand function. NOTE:
this issue exists because of an incomplete fix for CVE-2014-4049
(CVE-2014-3597).
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x
before 5.5.16 does not ensure that pathnames lack \%00 sequences,
which might allow remote attackers to overwrite arbitrary files
via crafted input to an application that calls the (1) imagegd, (2)
imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp,
or (7) imagewebp function (CVE-2014-5120).
The php packages have been updated to 5.4.32 for Mageia 3 and 5.5.16 for
Mageia 4, fixing these issues and several other bugs.
Note that the CVE-2014-5120 issue is only relevant for the php-gd-bundled
package in Mageia 3.
Also, php-apc has been rebuilt against the updated php packages.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-apc | 0 (affected), 3.1.14-7.12.mga3 (unaffected) | — |
| Mageia | php | 5.5.16-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | php-gd-bundled | 0 (affected), 5.4.32-1.mga3 (unaffected) | — |
| Mageia | php | 0 (affected), 5.4.32-1.mga3 (unaffected) | — |
| Mageia | php-apc | 3.1.15-4.7.mga4 (unaffected), 0 (affected) | — |
Aliases
References
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.