CVE-2014-3670

EPSS 35.09% · P97 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3670

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP EXIF扩展缓冲区溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。EXIF（可交换图像文件的缩写）是其中的一个可记录图像的属性信息和拍摄数据的扩展。 PHP EXIF扩展中的exif.c脚本中‘exif_ifd_make_value’函数存在安全漏洞，该漏洞源于程序不正确地操作‘floating-point’数组。远程攻击者可借助带有TIFF缩略图数据的JPE

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-3670

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-3670

请登录查看更多情报信息。

http://linux.oracle.com/errata/ELSA-2014-1767.htmlx_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1768.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlx_refsource_CONFIRM
https://support.apple.com/HT204659x_refsource_CONFIRM
http://php.net/ChangeLog-5.phpx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1154502x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=68113x_refsource_CONFIRM
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409bx_refsource_CONFIRM
http://secunia.com/advisories/60699third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59967third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/70665vdb-entryx_refsource_BID
http://secunia.com/advisories/60630third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61982third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61970third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61763third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3064vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2391-1vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-1767.htmlvendor-advisoryx_refsource_REDHAT
RHSA-2014:1824 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1768.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1766.htmlvendor-advisoryx_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlvendor-advisoryx_refsource_SUSE
https://nvd.nist.gov/vuln/detail/CVE-2014-3670

Same Patch Batch · n/a · 2014-10-29 · 33 CVEs total

CVE-2014-8533		McAfee Network Data Loss Prevention 任意代码执行漏洞
CVE-2014-6149		IBM Tivoli Application Dependency Discovery Manager 目录遍历漏洞
CVE-2014-4877		GNU Wget 路径遍历漏洞
CVE-2014-4839		IBM TRIRIGA Application Platform 跨站请求伪造漏洞
CVE-2014-3698		Pidgin libpurple 信息泄露漏洞
CVE-2014-3697		Pidgin 绝对路径遍历漏洞
CVE-2014-3696		Pidgin 缓冲区溢出漏洞
CVE-2014-3695		Pidgin libpurple 缓冲区溢出漏洞
CVE-2014-3694		Pidgin libpurple 加密问题漏洞
CVE-2014-3669		PHP 数字错误漏洞
CVE-2014-3668		PHP XMLRPC扩展缓冲区溢出漏洞
CVE-2014-3051		IBM Tivoli Composite Application Manager for Transactions Internet Service Monitor代理加密问题漏洞
CVE-2014-8537		McAfee Network Data Loss Prevention 信息泄露漏洞
CVE-2014-8536		McAfee Network Data Loss Prevention 信息泄露漏洞
CVE-2014-8535		McAfee Network Data Loss Prevention 安全漏洞
CVE-2014-8534		McAfee Network Data Loss Prevention 拒绝服务漏洞
CVE-2014-8538		Android Hijab Modern应用程序加密问题漏洞
CVE-2014-8532		McAfee Network Data Loss Prevention 安全漏洞
CVE-2014-8531		McAfee Network Data Loss Prevention 加密问题漏洞
CVE-2014-8530		McAfee Network Data Loss Prevention 信息泄露漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-3670

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-3670

I. Basic Information for CVE-2014-3670

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-3670

III. Intelligence Information for CVE-2014-3670

Same Patch Batch · n/a · 2014-10-29 · 33 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-3670

Leave a comment