CVE-2014-2270

file < 5.17 - Denial of Service via Crafted PE Executable Softmagic Offsets

Title source: llm
STIX 2.1

Description

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2163-1
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/504
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2162-1
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/473
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
Broken Link, Patch x_refsource_confirm
http://bugs.gw.com/view.php?id=313
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/505
Release Notes, Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6443
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201503-08
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2873

Scores

EPSS 0.3077
EPSS Percentile 96.8%

Details

CWE
CWE-119
Status published
Products (12)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
debian/debian_linux 6.0
debian/debian_linux 7.0
debian/debian_linux 8.0
file_project/file < 5.17
opensuse/opensuse 11.4
opensuse/opensuse 12.3
... and 2 more
Published Mar 14, 2014
Tracked Since Feb 18, 2026