GCVE - cpe:2.3:a:php:php:5.4.32:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.4.32:*:*:*:*:*:*:*

part: a version: 5.4.32 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.512780

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3670`	vulnerable	2026-06-03 14:34:00.808081	Details available The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:17.945Z Open on db.gcve.eu Reference links http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://rhn.redhat.com/errata/RHSA-2014-1767.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3669`	vulnerable	2026-06-03 14:34:00.805290	Details available Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:18.251Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://rhn.redhat.com/errata/RHSA-2014-1767.html http://www.ubuntu.com/usn/USN-2391-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3668`	vulnerable	2026-06-03 14:34:00.781498	Details available Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:18.311Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e http://rhn.redhat.com/errata/RHSA-2014-1767.html http://www.ubuntu.com/usn/USN-2391-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.