CVE-2014-9705: Improper Restriction of Operations within the Bounds of a Memory Buffer in PHP

Severity: 7.5 HIGH (NVD); 5.0 (OSV)
EPSS: 35.2% (top 2.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 30; latest update Jan 27

Description

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

[Ubuntu] php5/php5 < 5.5.9+dfsg-1ubuntu4.7
[NVD] php/php 5.4.37 +28

🔴 Vulnerability Details (3)

[GHSA] GHSA-q6r4-r86g-67qg: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant (2022-05-14)
[OSV] php5 vulnerabilities (2015-03-18)
[OSV] CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant (2014-12-31)

📋 Vendor Advisories (4)

[CISA ICS] Festo Didactic SE MES PC (2026-01-27)
[Ubuntu] PHP vulnerabilities (2015-03-18)
[Red Hat] php: heap buffer overflow in enchant_broker_request_dict() (2014-12-05)
[Apple] CVE-2014-9705: OS X El Capitan v10.11

💬 Community (1)

[Bugzilla] CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() (2015-02-20)
CVE-2014-9705 — PHP vulnerability | cvebase