CVE-2014-3670 [Medium] | Memory Corruption in Php

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-29	35.02%	35.09%	+0.06%
2	2026-03-29	30.11%	35.02%	+4.92%
3	2026-03-04	—	30.11%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-29

35.02%

35.09%

+0.06%

2026-03-29

30.11%

35.02%

+4.92%

2026-03-04

—

30.11%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.6	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.8

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.6

6.4

[email protected]

OS Trackers for CVE-2014-3670

vendor	priority	summary	link
`gentoo`	normal	CVE-2014-3670: 1 GLSA(s) (201411-04), 1 atom(s) (dev-lang/php); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2014-3670
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2014-3670
`suse`	medium	CVE-2014-3670 severity moderate: SUSE including 901 source package names (apache2-mod_php5-5.2.14-0.7.30.62.1, apache2-mod_php5-5.5.14-7.1, …), 1354 product×package rows across 35 product lines (SUSE Enterprise Storage 7.1, SUSE Liberty Linux 7, … (35 product lines)): Fixed 796, Known Not Affected 558.	https://www.suse.com/security/cve/CVE-2014-3670/
`ubuntu`	medium	CVE-2014-3670 medium priority: Ubuntu including 1 source packages (php5), 5 status rows across 5 suites (lucid, precise, trusty, upstream, utopic): released 5.	https://ubuntu.com/security/CVE-2014-3670

Affected software / configurations for CVE-2014-3670

Vendor	Product	Version	Raw CPE
php	php	<= 5.4.33	cpe:2.3:a:php:php::::::::
php	php	5.4.0	cpe:2.3:a:php:php:5.4.0:::::::*
php	php	5.4.1	cpe:2.3:a:php:php:5.4.1:::::::*
php	php	5.4.2	cpe:2.3:a:php:php:5.4.2:::::::*
php	php	5.4.3	cpe:2.3:a:php:php:5.4.3:::::::*
php	php	5.4.4	cpe:2.3:a:php:php:5.4.4:::::::*
php	php	5.4.5	cpe:2.3:a:php:php:5.4.5:::::::*
php	php	5.4.6	cpe:2.3:a:php:php:5.4.6:::::::*
php	php	5.4.7	cpe:2.3:a:php:php:5.4.7:::::::*
php	php	5.4.8	cpe:2.3:a:php:php:5.4.8:::::::*
php	php	5.4.9	cpe:2.3:a:php:php:5.4.9:::::::*
php	php	5.4.10	cpe:2.3:a:php:php:5.4.10:::::::*
php	php	5.4.11	cpe:2.3:a:php:php:5.4.11:::::::*
php	php	5.4.12	cpe:2.3:a:php:php:5.4.12:::::::*
php	php	5.4.12	cpe:2.3:a:php:php:5.4.12:rc1::::::
php	php	5.4.12	cpe:2.3:a:php:php:5.4.12:rc2::::::
php	php	5.4.13	cpe:2.3:a:php:php:5.4.13:::::::*
php	php	5.4.13	cpe:2.3:a:php:php:5.4.13:rc1::::::
php	php	5.4.14	cpe:2.3:a:php:php:5.4.14:::::::*
php	php	5.4.14	cpe:2.3:a:php:php:5.4.14:rc1::::::
php	php	5.4.15	cpe:2.3:a:php:php:5.4.15:rc1::::::
php	php	5.4.16	cpe:2.3:a:php:php:5.4.16:rc1::::::
php	php	5.4.17	cpe:2.3:a:php:php:5.4.17:::::::*
php	php	5.4.18	cpe:2.3:a:php:php:5.4.18:::::::*
php	php	5.4.19	cpe:2.3:a:php:php:5.4.19:::::::*
php	php	5.4.20	cpe:2.3:a:php:php:5.4.20:::::::*
php	php	5.4.21	cpe:2.3:a:php:php:5.4.21:::::::*
php	php	5.4.22	cpe:2.3:a:php:php:5.4.22:::::::*
php	php	5.4.23	cpe:2.3:a:php:php:5.4.23:::::::*
php	php	5.4.24	cpe:2.3:a:php:php:5.4.24:::::::*
php	php	5.4.25	cpe:2.3:a:php:php:5.4.25:::::::*
php	php	5.4.26	cpe:2.3:a:php:php:5.4.26:::::::*
php	php	5.4.27	cpe:2.3:a:php:php:5.4.27:::::::*
php	php	5.4.28	cpe:2.3:a:php:php:5.4.28:::::::*
php	php	5.4.29	cpe:2.3:a:php:php:5.4.29:::::::*
php	php	5.4.30	cpe:2.3:a:php:php:5.4.30:::::::*
php	php	5.4.31	cpe:2.3:a:php:php:5.4.31:::::::*
php	php	5.4.32	cpe:2.3:a:php:php:5.4.32:::::::*
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:::::::*
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha1::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha2::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha3::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha4::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha5::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:alpha6::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:beta1::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:beta2::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:beta3::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:beta4::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:rc1::::::
php	php	5.5.0	cpe:2.3:a:php:php:5.5.0:rc2::::::
php	php	5.5.1	cpe:2.3:a:php:php:5.5.1:::::::*
php	php	5.5.2	cpe:2.3:a:php:php:5.5.2:::::::*
php	php	5.5.3	cpe:2.3:a:php:php:5.5.3:::::::*
php	php	5.5.4	cpe:2.3:a:php:php:5.5.4:::::::*
php	php	5.5.5	cpe:2.3:a:php:php:5.5.5:::::::*
php	php	5.5.6	cpe:2.3:a:php:php:5.5.6:::::::*
php	php	5.5.7	cpe:2.3:a:php:php:5.5.7:::::::*
php	php	5.5.8	cpe:2.3:a:php:php:5.5.8:::::::*
php	php	5.5.9	cpe:2.3:a:php:php:5.5.9:::::::*
php	php	5.5.10	cpe:2.3:a:php:php:5.5.10:::::::*
php	php	5.5.11	cpe:2.3:a:php:php:5.5.11:::::::*
php	php	5.5.12	cpe:2.3:a:php:php:5.5.12:::::::*
php	php	5.5.13	cpe:2.3:a:php:php:5.5.13:::::::*
php	php	5.5.14	cpe:2.3:a:php:php:5.5.14:::::::*
php	php	5.5.15	cpe:2.3:a:php:php:5.5.15:::::::*
php	php	5.5.16	cpe:2.3:a:php:php:5.5.16:::::::*
php	php	5.5.17	cpe:2.3:a:php:php:5.5.17:::::::*
php	php	5.6.0	cpe:2.3:a:php:php:5.6.0:::::::*
php	php	5.6.1	cpe:2.3:a:php:php:5.6.1:::::::*

References for CVE-2014-3670

URL	Tags
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b
http://linux.oracle.com/errata/ELSA-2014-1767.html
http://linux.oracle.com/errata/ELSA-2014-1768.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1767.html
http://rhn.redhat.com/errata/RHSA-2014-1768.html
http://rhn.redhat.com/errata/RHSA-2014-1824.html
http://secunia.com/advisories/59967
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
http://www.debian.org/security/2014/dsa-3064
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/70665
http://www.ubuntu.com/usn/USN-2391-1
https://bugs.php.net/bug.php?id=68113	Exploit Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1154502
https://support.apple.com/HT204659

URL

CVE-2014-3670

Public exploit references (Exploit-DB) for CVE-2014-3670

Exploit prediction scoring system (EPSS) score for CVE-2014-3670

Common vulnerability scoring system (CVSS) metrics for CVE-2014-3670

Weakness enumeration for CVE-2014-3670

OS Trackers for CVE-2014-3670

Affected software / configurations for CVE-2014-3670

References for CVE-2014-3670