Description
[5.4.16-23]
- fileinfo: cdf_unpack_summary_info() excessive looping
DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
type confusion flaw. CVE-2014-3515