View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-9653 low priority: Ubuntu including 2 source packages (file, php5), 36 status rows across 18 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, lucid, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 19, DNE 11, ignored 4, needed 1, released 1.
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.