VDB
GCVE-110-MAGEIA-2014-430
GCVE-110-MAGEIA-2014-430
Advisory Published
An integer overflow flaw in PHP's unserialize() function was reported. If
unserialize() were used on untrusted data, this issue could lead to a crash or
potentially information disclosure (CVE-2014-3669).
A heap corruption issue was reported in PHP's exif_thumbnail() function. A
specially-crafted JPEG image could cause the PHP interpreter to crash or,
potentially, execute arbitrary code (CVE-2014-3670).
If client-supplied input was passed to PHP's cURL client as a URL to download,
it could return local files from the server due to improper handling of null
bytes (PHP#68089).
PHP has been updated to version 5.4.34 for Mageia 3 and 5.5.18 for Mageia 4,
which fix these issues and other bugs.
Additionally, the suhosin PHP extension has been updated to version 0.9.36
and a bug in the php zip extension that could cause a crash on Mageia 4 has
been fixed (mga#13820)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-apc | 3.1.14-7.13.mga3 (unaffected), 0 (affected) | — |
| Mageia | php-suhosin | 0 (affected), 0.9.36-1.mga3 (unaffected) | — |
| Mageia | php | 0 (affected), 5.5.18-1.1.mga4 (unaffected) | — |
| Mageia | php-gd-bundled | 5.4.34-1.mga3 (unaffected), 0 (affected) | — |
| Mageia | php-suhosin | 0 (affected), 0.9.36-1.mga4 (unaffected) | — |
| Mageia | php | 0 (affected), 5.4.34-1.mga3 (unaffected) | — |
| Mageia | php-apc | 3.1.15-4.8.mga4 (unaffected), 0 (affected) | — |
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.