{"url":"http://public2.vulnerablecode.io/api/packages/176922?format=json","purl":"pkg:rpm/redhat/php@5.4.16-23?arch=el7_0","type":"rpm","namespace":"redhat","name":"php","version":"5.4.16-23","qualifiers":{"arch":"el7_0"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114197?format=json","vulnerability_id":"VCID-4tr4-kyyh-qfbd","summary":"php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3515","reference_id":"","reference_type":"","scores":[{"value":"0.48662","scoring_system":"epss","scoring_elements":"0.97808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.48662","scoring_system":"epss","scoring_elements":"0.97812","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112154","reference_id":"1112154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"}],"fixed_packages":[],"aliases":["CVE-2014-3515"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr4-kyyh-qfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67896?format=json","vulnerability_id":"VCID-84y5-7hge-vbhn","summary":"The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3480.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3480","reference_id":"","reference_type":"","scores":[{"value":"0.03336","scoring_system":"epss","scoring_elements":"0.8754","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03336","scoring_system":"epss","scoring_elements":"0.87519","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"http://mx.gw.com/pipermail/file/2014/001553.html","reference_id":"001553.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://mx.gw.com/pipermail/file/2014/001553.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104858","reference_id":"1104858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104858"},{"reference_url":"https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382","reference_id":"40bade80cbe2af1d0b2cd0420cebd5d5905a2382","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382"},{"reference_url":"http://secunia.com/advisories/59794","reference_id":"59794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://secunia.com/advisories/59794"},{"reference_url":"http://secunia.com/advisories/59831","reference_id":"59831","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://secunia.com/advisories/59831"},{"reference_url":"http://www.securityfocus.com/bid/68238","reference_id":"68238","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.securityfocus.com/bid/68238"},{"reference_url":"https://bugs.php.net/bug.php?id=67412","reference_id":"bug.php?id=67412","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://bugs.php.net/bug.php?id=67412"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"ChangeLog-5.php","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.debian.org/security/2014/dsa-2974","reference_id":"dsa-2974","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.debian.org/security/2014/dsa-2974"},{"reference_url":"http://www.debian.org/security/2014/dsa-3021","reference_id":"dsa-3021","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://www.debian.org/security/2014/dsa-3021"},{"reference_url":"https://support.apple.com/HT204659","reference_id":"HT204659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"https://support.apple.com/HT204659"},{"reference_url":"http://support.apple.com/kb/HT6443","reference_id":"HT6443","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://support.apple.com/kb/HT6443"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html","reference_id":"RHSA-2014-1765.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html","reference_id":"RHSA-2014-1766.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:25:26Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[],"aliases":["CVE-2014-3480"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84y5-7hge-vbhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67895?format=json","vulnerability_id":"VCID-avrk-szvf-13av","summary":"The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3479","reference_id":"","reference_type":"","scores":[{"value":"0.05923","scoring_system":"epss","scoring_elements":"0.90782","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05923","scoring_system":"epss","scoring_elements":"0.90796","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104869","reference_id":"1104869","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[],"aliases":["CVE-2014-3479"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avrk-szvf-13av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114222?format=json","vulnerability_id":"VCID-ed1v-hdew-4qfj","summary":"php: heap-based buffer overflow in DNS TXT record parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4049","reference_id":"","reference_type":"","scores":[{"value":"0.30666","scoring_system":"epss","scoring_elements":"0.96812","published_at":"2026-06-04T12:55:00Z"},{"value":"0.30666","scoring_system":"epss","scoring_elements":"0.96817","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1108447","reference_id":"1108447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1108447"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://usn.ubuntu.com/2254-1/","reference_id":"USN-2254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2254-1/"}],"fixed_packages":[],"aliases":["CVE-2014-4049"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed1v-hdew-4qfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67897?format=json","vulnerability_id":"VCID-k6m7-rzf9-a3hy","summary":"The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3487","reference_id":"","reference_type":"","scores":[{"value":"0.14502","scoring_system":"epss","scoring_elements":"0.94576","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14502","scoring_system":"epss","scoring_elements":"0.94584","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1107544","reference_id":"1107544","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1107544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[],"aliases":["CVE-2014-3487"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m7-rzf9-a3hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67890?format=json","vulnerability_id":"VCID-mwnw-synf-fbc1","summary":"The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0237.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0237","reference_id":"","reference_type":"","scores":[{"value":"0.2611","scoring_system":"epss","scoring_elements":"0.96387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2611","scoring_system":"epss","scoring_elements":"0.96392","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098193","reference_id":"1098193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098193"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2254-1/","reference_id":"USN-2254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2254-1/"}],"fixed_packages":[],"aliases":["CVE-2014-0237"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwnw-synf-fbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67887?format=json","vulnerability_id":"VCID-scd1-g67x-3ybp","summary":"The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7345","reference_id":"","reference_type":"","scores":[{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.7864","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.78667","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1079846","reference_id":"1079846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1079846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993","reference_id":"703993","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"},{"reference_url":"https://security.gentoo.org/glsa/201408-08","reference_id":"GLSA-201408-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-08"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[],"aliases":["CVE-2013-7345"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scd1-g67x-3ybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114214?format=json","vulnerability_id":"VCID-wmyz-1bey-bfde","summary":"php: type confusion issue in phpinfo() leading to information leak","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4721","reference_id":"","reference_type":"","scores":[{"value":"0.09887","scoring_system":"epss","scoring_elements":"0.9314","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09887","scoring_system":"epss","scoring_elements":"0.93151","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116662","reference_id":"1116662","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"}],"fixed_packages":[],"aliases":["CVE-2014-4721"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmyz-1bey-bfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67891?format=json","vulnerability_id":"VCID-xvxf-js9u-yyff","summary":"The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0238.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0238","reference_id":"","reference_type":"","scores":[{"value":"0.24474","scoring_system":"epss","scoring_elements":"0.96216","published_at":"2026-06-04T12:55:00Z"},{"value":"0.24474","scoring_system":"epss","scoring_elements":"0.96221","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098155","reference_id":"1098155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1098155"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1012","reference_id":"RHSA-2014:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1606","reference_id":"RHSA-2014:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2254-1/","reference_id":"USN-2254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2254-1/"}],"fixed_packages":[],"aliases":["CVE-2014-0238"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxf-js9u-yyff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67888?format=json","vulnerability_id":"VCID-zqdy-kvwk-3ubd","summary":"The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0207","reference_id":"","reference_type":"","scores":[{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92932","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92943","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721"},{"reference_url":"http://mx.gw.com/pipermail/file/2014/001553.html","reference_id":"001553.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://mx.gw.com/pipermail/file/2014/001553.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091842","reference_id":"1091842","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091842"},{"reference_url":"http://secunia.com/advisories/59794","reference_id":"59794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://secunia.com/advisories/59794"},{"reference_url":"http://secunia.com/advisories/59831","reference_id":"59831","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://secunia.com/advisories/59831"},{"reference_url":"http://www.securityfocus.com/bid/68243","reference_id":"68243","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.securityfocus.com/bid/68243"},{"reference_url":"https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391","reference_id":"6d209c1c489457397a5763bca4b28e43aac90391","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"},{"reference_url":"https://bugs.php.net/bug.php?id=67326","reference_id":"bug.php?id=67326","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://bugs.php.net/bug.php?id=67326"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"ChangeLog-5.php","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.debian.org/security/2014/dsa-2974","reference_id":"dsa-2974","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.debian.org/security/2014/dsa-2974"},{"reference_url":"http://www.debian.org/security/2014/dsa-3021","reference_id":"dsa-3021","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://www.debian.org/security/2014/dsa-3021"},{"reference_url":"https://support.apple.com/HT204659","reference_id":"HT204659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"https://support.apple.com/HT204659"},{"reference_url":"http://support.apple.com/kb/HT6443","reference_id":"HT6443","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://support.apple.com/kb/HT6443"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1013","reference_id":"RHSA-2014:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html","reference_id":"RHSA-2014-1765.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1765.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html","reference_id":"RHSA-2014-1766.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T20:29:01Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1766.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2276-1/","reference_id":"USN-2276-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2276-1/"},{"reference_url":"https://usn.ubuntu.com/2278-1/","reference_id":"USN-2278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2278-1/"}],"fixed_packages":[],"aliases":["CVE-2014-0207"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdy-kvwk-3ubd"}],"fixing_vulnerabilities":[],"risk_score":"0.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.4.16-23%3Farch=el7_0"}