6.4 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.058 Low
EPSS
Percentile
93.3%
Fine Free file before 5.17 allows context-dependent attackers to cause a
denial of service (infinite recursion, CPU consumption, and crash) via a
crafted indirect offset value in the magic of a file.
Author | Note |
---|---|
mdeslaur | third file commit fixes memory leak test case: https://github.com/glensc/file/commit/f52ef08461a4bf0ab69a362d850e0397e0ab39a8 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | file | <Â 5.03-5ubuntu1.1 | UNKNOWN |
ubuntu | 12.04 | noarch | file | <Â 5.09-2ubuntu0.2 | UNKNOWN |
ubuntu | 12.10 | noarch | file | <Â 5.11-2ubuntu0.1 | UNKNOWN |
ubuntu | 13.10 | noarch | file | <Â 5.11-2ubuntu4.1 | UNKNOWN |
ubuntu | 10.04 | noarch | php5 | <Â 5.3.2-1ubuntu4.23 | UNKNOWN |
ubuntu | 12.04 | noarch | php5 | <Â 5.3.10-1ubuntu3.10 | UNKNOWN |
ubuntu | 12.10 | noarch | php5 | <Â 5.4.6-1ubuntu1.7 | UNKNOWN |
ubuntu | 13.10 | noarch | php5 | <Â 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
mx.gw.com/pipermail/file/2014/001327.html
mx.gw.com/pipermail/file/2014/001330.html
mx.gw.com/pipermail/file/2014/001334.html
mx.gw.com/pipermail/file/2014/001337.html
www.debian.org/security/2014/dsa-2861
launchpad.net/bugs/cve/CVE-2014-1943
nvd.nist.gov/vuln/detail/CVE-2014-1943
security-tracker.debian.org/tracker/CVE-2014-1943
ubuntu.com/security/notices/USN-2123-1
ubuntu.com/security/notices/USN-2126-1
www.cve.org/CVERecord?id=CVE-2014-1943