4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.08 Low
EPSS
Percentile
94.2%
Package : file
Version : 5.04-5+squeeze7
CVE ID : CVE-2014-3538 CVE-2014-3587
Debian Bug : -
CVE-2014-3538
file does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a
denial of service (CPU consumption).
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in
cdf.c allows remote attackers to cause a denial of service
(application crash).
Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4
(DSA-3021-1), were already handled in 5.04-5+squeeze6 (DLA 27-1) in
July 2014. Also, as an amendment, as a side effect of the changes
done back then then, the MIME type detection of some files had
improved from "application/octet-stream" to something more specific
like "application/x-dosexec" or "application/x-iso9660-image".
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | php5-imap | < 5.4.4-14+deb7u13 | php5-imap_5.4.4-14+deb7u13_armel.deb |
Debian | 7 | amd64 | php5-mysql | < 5.4.4-14+deb7u13 | php5-mysql_5.4.4-14+deb7u13_amd64.deb |
Debian | 7 | sparc | php5-common | < 5.4.4-14+deb7u13 | php5-common_5.4.4-14+deb7u13_sparc.deb |
Debian | 7 | kfreebsd-amd64 | php5-gd | < 5.4.4-14+deb7u13 | php5-gd_5.4.4-14+deb7u13_kfreebsd-amd64.deb |
Debian | 7 | mipsel | libmagic1 | < 5.11-2+deb7u4 | libmagic1_5.11-2+deb7u4_mipsel.deb |
Debian | 7 | s390x | php5-dev | < 5.4.4-14+deb7u13 | php5-dev_5.4.4-14+deb7u13_s390x.deb |
Debian | 7 | armhf | python-magic | < 5.11-2+deb7u4 | python-magic_5.11-2+deb7u4_armhf.deb |
Debian | 7 | s390x | libapache2-mod-php5 | < 5.4.4-14+deb7u13 | libapache2-mod-php5_5.4.4-14+deb7u13_s390x.deb |
Debian | 6 | i386 | php5-gd | < 5.3.3-7+squeeze22 | php5-gd_5.3.3-7+squeeze22_i386.deb |
Debian | 7 | sparc | php5-mcrypt | < 5.4.4-14+deb7u13 | php5-mcrypt_5.4.4-14+deb7u13_sparc.deb |