MGASA-2014-0542

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-8142

Published: 21 Dec 2014, 20:47

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Dec 2014, 20:47

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated php packages fix CVE-2014-8142 Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142). PHP has been updated to version 5.5.20, which fixes these issues and other bugs.

Affected Systems

mageia•php
< 5.5.20-1.mga4
mageia•php-apc
< 3.1.15-4.10.mga4

References (4)

https://advisories.mageia.org/MGASA-2014-0542.html
https://bugs.mageia.org/show_bug.cgi?id=14848
http://www.php.net/ChangeLog-5.php#5.5.20
https://bugzilla.redhat.com/show_bug.cgi?id=1175718