5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.959 High
EPSS
Percentile
99.4%
Problem Description:
A specifically crafted Composite Document File (CDF)
file can trigger an out-of-bounds read or an invalid pointer
dereference. [CVE-2012-1571]
A flaw in regular expression in the awk script detector
makes use of multiple wildcards with unlimited repetitions.
[CVE-2013-7345]
A malicious input file could trigger infinite recursion
in libmagic(3). [CVE-2014-1943]
A specifically crafted Portable Executable (PE) can
trigger out-of-bounds read. [CVE-2014-2270]
Impact:
An attacker who can cause file(1) or any other applications
using the libmagic(3) library to be run on a maliciously
constructed input can the application to crash or consume
excessive CPU resources, resulting in a denial-of-service.