5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.0%
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The Mageia 3 update also fixes a possible crash in softmagic.c due to an improperly rediffed patch for a memory leak in a previous update (mga#13701).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | file | < 5.12-8.6 | file-5.12-8.6.mga3 |
Mageia | 4 | noarch | file | < 5.16-1.5 | file-5.16-1.5.mga4 |