suse · CVE-2014-9653

Quick triage

Priority: high Published: 2021-05-30 13:24:58 UTC Updated: 2026-04-18 18:30:55 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-9653 severity important: SUSE including 51 source package names (0.9.1:file-5.22-10.3.1, 0.9.1:file-magic-5.22-10.3.1, …), 178 product×package rows across 59 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (59 product lines)): Fixed 170, Known Not Affected 8.

Description:

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

cvelogic Threat Intelligence