Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/php54-php@5.4.16-22?arch=el6

Type rpm

Namespace redhat

Name php54-php

Version 5.4.16-22

Qualifiers

arch	el6

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1s3x-b1vy-qyef

vulnerability_id

VCID-1s3x-b1vy-qyef

summary

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3538

reference_id

reference_type

scores

value	0.33041
scoring_system	epss
scoring_elements	0.96988
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098222
reference_id	1098222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098222

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

aliases

CVE-2014-3538

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1s3x-b1vy-qyef

url

VCID-2873-ph57-vqhd

vulnerability_id

VCID-2873-ph57-vqhd

summary

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3478.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3478

reference_id

reference_type

scores

value	0.37602
scoring_system	epss
scoring_elements	0.97279
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104863
reference_id	1104863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104863

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-3478

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2873-ph57-vqhd

url VCID-2c9a-8dmq-a7e4

vulnerability_id VCID-2c9a-8dmq-a7e4

summary php: SPL Iterators use-after-free

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4670.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4670.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4670

reference_id

reference_type

scores

value	0.0049
scoring_system	epss
scoring_elements	0.65919
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1120266
reference_id	1120266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1120266

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases CVE-2014-4670

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c9a-8dmq-a7e4

url

VCID-2hx7-yt6y-6yfu

vulnerability_id

VCID-2hx7-yt6y-6yfu

summary

php: heap corruption issue in exif_thumbnail()

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3670.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3670.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3670

reference_id

reference_type

scores

value	0.35086
scoring_system	epss
scoring_elements	0.97121
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1154502
reference_id	1154502
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1154502

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2014:1767
reference_id	RHSA-2014:1767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1767

reference_url	https://access.redhat.com/errata/RHSA-2014:1768
reference_id	RHSA-2014:1768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1768

reference_url	https://access.redhat.com/errata/RHSA-2014:1824
reference_id	RHSA-2014:1824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1824

reference_url	https://access.redhat.com/errata/RHSA-2015:0021
reference_id	RHSA-2015:0021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0021

fixed_packages

aliases

CVE-2014-3670

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2hx7-yt6y-6yfu

url VCID-3qud-akea-9ugs

vulnerability_id VCID-3qud-akea-9ugs

summary The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2497.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2497.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2497

reference_id

reference_type

scores

value	0.05174
scoring_system	epss
scoring_elements	0.90077
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1076676
reference_id	1076676
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1076676

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744719
reference_id	744719
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744719

reference_url	https://security.gentoo.org/glsa/201607-04
reference_id	GLSA-201607-04
reference_type
scores
url	https://security.gentoo.org/glsa/201607-04

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases CVE-2014-2497

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qud-akea-9ugs

url

VCID-4tr4-kyyh-qfbd

vulnerability_id

VCID-4tr4-kyyh-qfbd

summary

php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3515

reference_id

reference_type

scores

value	0.48662
scoring_system	epss
scoring_elements	0.97808
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1112154
reference_id	1112154
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1112154

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases

CVE-2014-3515

risk_score

0.2

exploitability

0.5

weighted_severity

0.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr4-kyyh-qfbd

url

VCID-529n-wwq1-3uh5

vulnerability_id

VCID-529n-wwq1-3uh5

summary

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-5120

reference_id

reference_type

scores

value	0.08774
scoring_system	epss
scoring_elements	0.92662
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5120

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1132793
reference_id	1132793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1132793

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases

CVE-2014-5120

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-529n-wwq1-3uh5

url

VCID-5f4s-ce83-pkcw

vulnerability_id

VCID-5f4s-ce83-pkcw

summary

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3710.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3710

reference_id

reference_type

scores

value	0.08075
scoring_system	epss
scoring_elements	0.92289
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1155071
reference_id	1155071
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1155071

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806
reference_id	768806
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806

reference_url	https://security.gentoo.org/glsa/201503-03
reference_id	GLSA-201503-03
reference_type
scores
url	https://security.gentoo.org/glsa/201503-03

reference_url	https://security.gentoo.org/glsa/201701-42
reference_id	GLSA-201701-42
reference_type
scores
url	https://security.gentoo.org/glsa/201701-42

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2014:1767
reference_id	RHSA-2014:1767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1767

reference_url	https://access.redhat.com/errata/RHSA-2014:1768
reference_id	RHSA-2014:1768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1768

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

aliases

CVE-2014-3710

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5f4s-ce83-pkcw

url VCID-84y5-7hge-vbhn

vulnerability_id VCID-84y5-7hge-vbhn

summary The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3480

reference_id

reference_type

scores

value	0.03336
scoring_system	epss
scoring_elements	0.87519
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104858
reference_id	1104858
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104858

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases CVE-2014-3480

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84y5-7hge-vbhn

url

VCID-avrk-szvf-13av

vulnerability_id

VCID-avrk-szvf-13av

summary

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3479

reference_id

reference_type

scores

value	0.05923
scoring_system	epss
scoring_elements	0.90782
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104869
reference_id	1104869
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104869

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-3479

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-avrk-szvf-13av

url

VCID-cuyy-h7c4-bkdj

vulnerability_id

VCID-cuyy-h7c4-bkdj

summary

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-1943

reference_id

reference_type

scores

value	0.24895
scoring_system	epss
scoring_elements	0.96262
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-1943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065836
reference_id	1065836
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065836

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832
reference_id	738832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832

reference_url	https://security.gentoo.org/glsa/201403-03
reference_id	GLSA-201403-03
reference_type
scores
url	https://security.gentoo.org/glsa/201403-03

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

aliases

CVE-2014-1943

risk_score

0.1

exploitability

0.5

weighted_severity

0.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cuyy-h7c4-bkdj

url

VCID-ed1v-hdew-4qfj

vulnerability_id

VCID-ed1v-hdew-4qfj

summary

php: heap-based buffer overflow in DNS TXT record parsing

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4049

reference_id

reference_type

scores

value	0.30666
scoring_system	epss
scoring_elements	0.96812
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1108447
reference_id	1108447
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1108447

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases

CVE-2014-4049

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ed1v-hdew-4qfj

url

VCID-g7hu-58fp-wkh2

vulnerability_id

VCID-g7hu-58fp-wkh2

summary

php: integer overflow in unserialize()

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3669.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3669.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3669

reference_id

reference_type

scores

value	0.55955
scoring_system	epss
scoring_elements	0.98138
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1154500
reference_id	1154500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1154500

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2014:1767
reference_id	RHSA-2014:1767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1767

reference_url	https://access.redhat.com/errata/RHSA-2014:1768
reference_id	RHSA-2014:1768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1768

reference_url	https://access.redhat.com/errata/RHSA-2014:1824
reference_id	RHSA-2014:1824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1824

reference_url	https://access.redhat.com/errata/RHSA-2015:0021
reference_id	RHSA-2015:0021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0021

fixed_packages

aliases

CVE-2014-3669

risk_score

0.2

exploitability

0.5

weighted_severity

0.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-g7hu-58fp-wkh2

url

VCID-k6m7-rzf9-a3hy

vulnerability_id

VCID-k6m7-rzf9-a3hy

summary

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3487

reference_id

reference_type

scores

value	0.14502
scoring_system	epss
scoring_elements	0.94576
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1107544
reference_id	1107544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1107544

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-3487

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m7-rzf9-a3hy

url

VCID-kuga-71fb-c7gu

vulnerability_id

VCID-kuga-71fb-c7gu

summary

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2270

reference_id

reference_type

scores

value	0.30772
scoring_system	epss
scoring_elements	0.9682
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1072220
reference_id	1072220
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1072220

reference_url	https://security.gentoo.org/glsa/201503-08
reference_id	GLSA-201503-08
reference_type
scores
url	https://security.gentoo.org/glsa/201503-08

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

aliases

CVE-2014-2270

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-kuga-71fb-c7gu

url

VCID-mwnw-synf-fbc1

vulnerability_id

VCID-mwnw-synf-fbc1

summary

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0237

reference_id

reference_type

scores

value	0.2611
scoring_system	epss
scoring_elements	0.96387
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098193
reference_id	1098193
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098193

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-0237

risk_score

0.1

exploitability

0.5

weighted_severity

0.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-mwnw-synf-fbc1

url

VCID-nfed-ph6f-73dp

vulnerability_id

VCID-nfed-ph6f-73dp

summary

php: multiple buffer over-reads in php_parserr

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3597.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3597.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3597

reference_id

reference_type

scores

value	0.06957
scoring_system	epss
scoring_elements	0.91589
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1132589
reference_id	1132589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1132589

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases

CVE-2014-3597

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-nfed-ph6f-73dp

url VCID-pcbe-qz2w-ckcw

vulnerability_id VCID-pcbe-qz2w-ckcw

summary php: ArrayIterator use-after-free due to object change during sorting

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4698.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4698.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4698

reference_id

reference_type

scores

value	0.00491
scoring_system	epss
scoring_elements	0.65949
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4698

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1120259
reference_id	1120259
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1120259

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases CVE-2014-4698

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pcbe-qz2w-ckcw

url

VCID-qqgd-zrvc-2uaf

vulnerability_id

VCID-qqgd-zrvc-2uaf

summary

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3587.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3587

reference_id

reference_type

scores

value	0.30214
scoring_system	epss
scoring_elements	0.96769
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1128587
reference_id	1128587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1128587

reference_url	https://access.redhat.com/errata/RHSA-2014:1326
reference_id	RHSA-2014:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1326

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

reference_url	https://access.redhat.com/errata/RHSA-2016:0760
reference_id	RHSA-2016:0760
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0760

fixed_packages

aliases

CVE-2014-3587

risk_score

0.1

exploitability

0.5

weighted_severity

0.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-qqgd-zrvc-2uaf

url VCID-scd1-g67x-3ybp

vulnerability_id VCID-scd1-g67x-3ybp

summary The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7345

reference_id

reference_type

scores

value	0.01128
scoring_system	epss
scoring_elements	0.7864
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1079846
reference_id	1079846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1079846

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993
reference_id	703993
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993

reference_url	https://security.gentoo.org/glsa/201408-08
reference_id	GLSA-201408-08
reference_type
scores
url	https://security.gentoo.org/glsa/201408-08

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

aliases CVE-2013-7345

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scd1-g67x-3ybp

url

VCID-v62b-fqv9-dkhh

vulnerability_id

VCID-v62b-fqv9-dkhh

summary

php: heap-based buffer over-read in DateInterval

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6712.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6712.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6712

reference_id

reference_type

scores

value	0.17303
scoring_system	epss
scoring_elements	0.95163
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6712

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1035670
reference_id	1035670
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1035670

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

fixed_packages

aliases

CVE-2013-6712

risk_score

0.1

exploitability

0.5

weighted_severity

0.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-v62b-fqv9-dkhh

url

VCID-wmyz-1bey-bfde

vulnerability_id

VCID-wmyz-1bey-bfde

summary

php: type confusion issue in phpinfo() leading to information leak

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4721

reference_id

reference_type

scores

value	0.09887
scoring_system	epss
scoring_elements	0.9314
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1116662
reference_id	1116662
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1116662

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

fixed_packages

aliases

CVE-2014-4721

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyz-1bey-bfde

url

VCID-xvxf-js9u-yyff

vulnerability_id

VCID-xvxf-js9u-yyff

summary

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0238

reference_id

reference_type

scores

value	0.24474
scoring_system	epss
scoring_elements	0.96216
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1098155
reference_id	1098155
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1098155

reference_url	https://access.redhat.com/errata/RHSA-2014:1012
reference_id	RHSA-2014:1012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1012

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1606
reference_id	RHSA-2014:1606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1606

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-0238

risk_score

0.1

exploitability

0.5

weighted_severity

0.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxf-js9u-yyff

url VCID-z3zy-kryc-6bgu

vulnerability_id VCID-z3zy-kryc-6bgu

summary php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3668.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3668.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3668

reference_id

reference_type

scores

value	0.0082
scoring_system	epss
scoring_elements	0.74745
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1154503
reference_id	1154503
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1154503

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2014:1767
reference_id	RHSA-2014:1767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1767

reference_url	https://access.redhat.com/errata/RHSA-2014:1768
reference_id	RHSA-2014:1768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1768

fixed_packages

aliases CVE-2014-3668

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3zy-kryc-6bgu

url

VCID-zqdy-kvwk-3ubd

vulnerability_id

VCID-zqdy-kvwk-3ubd

summary

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0207

reference_id

reference_type

scores

value	0.09377
scoring_system	epss
scoring_elements	0.92932
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1091842
reference_id	1091842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1091842

reference_url	https://access.redhat.com/errata/RHSA-2014:1013
reference_id	RHSA-2014:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1013

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

reference_url	https://access.redhat.com/errata/RHSA-2015:2155
reference_id	RHSA-2015:2155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2155

fixed_packages

aliases

CVE-2014-0207

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdy-kvwk-3ubd

Fixing_vulnerabilities

Risk_score 0.2

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el6

Package Instance