Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_sector function. CVE-2014-3478 Francisco Alonso of the Red Hat Security Response Team discovered a flaw in the way the truncated pascal string size in the mconvert function is computed. CVE-2014-3479 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_check_stream_offset function. CVE-2014-3480 Francisco Alonso of the Red Hat Security Response Team reported an insufficient boundary check in the cdf_count_chain function. CVE-2014-3487 Francisco Alonso of the Red Hat Security Response Team discovered an incorrect boundary check in the cdf_read_property_info funtion. CVE-2014-3515 Stefan Esser discovered that the ArrayObject and the SPLObjectStorage unserialize handler do not verify the type of unserialized data before using it. A remote attacker could use this flaw to execute arbitrary code. CVE-2014-4721 Stefan Esser discovered a type confusion issue affecting phpinfo, which might allow an attacker to obtain sensitive information from process memory.