6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.959 High
EPSS
Percentile
99.4%
softmagic.c in file before 5.17 and libmagic allows context-dependent
attackers to cause a denial of service (out-of-bounds memory access and
crash) via crafted offsets in the softmagic of a PE executable.
Author | Note |
---|---|
mdeslaur | see regression fix in DSA-2873-2 The regression in the debian package is caused by a fix for a different issue which does not seem to have a CVE number: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742262 (file regression 1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742265 (file regression 2) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | file | <Β 5.03-5ubuntu1.2 | UNKNOWN |
ubuntu | 12.04 | noarch | file | <Β 5.09-2ubuntu0.3 | UNKNOWN |
ubuntu | 12.10 | noarch | file | <Β 5.11-2ubuntu0.2 | UNKNOWN |
ubuntu | 13.10 | noarch | file | <Β 5.11-2ubuntu4.2 | UNKNOWN |
ubuntu | 10.04 | noarch | php5 | <Β 5.3.2-1ubuntu4.24 | UNKNOWN |
ubuntu | 12.04 | noarch | php5 | <Β 5.3.10-1ubuntu3.11 | UNKNOWN |
ubuntu | 12.10 | noarch | php5 | <Β 5.4.6-1ubuntu1.8 | UNKNOWN |
ubuntu | 13.10 | noarch | php5 | <Β 5.5.3+dfsg-1ubuntu2.3 | UNKNOWN |