CVE-2014-9705
Published 2015-03-30
Priority P3 54 high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 19.33% (97.0th percentile)
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_v10.11 | — | — |
| php | php | <= 5.4.37 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
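| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |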
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
## Festo Didactic SE MES PC
Release Date: January 27, 2026
Alert Code: ICSA-26-027-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2015-03-18·CVSS 5.0
CVE-2014-8117 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Thomas Jarosch discovered that PHP incorrectly limited recursion in the
fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-8117)
S. Paraschoudis discovered that PHP incorrectly handled memory in the
enchant binding. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-9705)
Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-0273)
It was discovered that
Red Hat
php: heap buffer overflow in enchant_broker_request_dict()
vendor_redhat·2014-12-05·CVSS 7.5
CVE-2014-9705 [HIGH] CWE-122 php: heap buffer overflow in enchant_broker_request_dict()
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php54-php (Red Hat Software Collections) - Affected
Package: php55-php (Red Hat Software Collections) - Affected
Package: rh-php56-php (Red Hat So
Apple
CVE-2014-9705: OS X El Capitan v10.11
vendor_apple·CVSS 7.5
CVE-2014-9705 [HIGH] CVE-2014-9705: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2014-9705
Component: CVE-2014-9705
GHSA
GHSA-q6r4-r86g-67qg: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant
ghsa_unreviewed·2022-05-14
CVE-2014-9705 [HIGH] CWE-119 GHSA-q6r4-r86g-67qg: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
OSV
php5 vulnerabilities
osv·2015-03-18·CVSS 5.0
CVE-2014-8117 [MEDIUM] php5 vulnerabilities
Thomas Jarosch discovered that PHP incorrectly limited recursion in the
fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-8117)
S. Paraschoudis discovered that PHP incorrectly handled memory in the
enchant binding. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-9705)
Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-0273)
It was discovered that PHP incorrectly handled memory in the phar
extension. A re
OSV
CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant
osv·2014-12-31·CVSS 7.5
CVE-2014-9705 [HIGH] CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
No detection rules found.
No public exploits indexed.
Published: 2015-03-30