CVE-2014-1943

medium

Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

References

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html

http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html

http://mx.gw.com/pipermail/file/2014/001327.html

http://mx.gw.com/pipermail/file/2014/001330.html

http://mx.gw.com/pipermail/file/2014/001334.html

http://mx.gw.com/pipermail/file/2014/001337.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2861

http://www.debian.org/security/2014/dsa-2868

http://www.php.net/ChangeLog-5.php

http://www.ubuntu.com/usn/USN-2123-1

http://www.ubuntu.com/usn/USN-2126-1

https://github.com/glensc/file/blob/FILE5_17/ChangeLog

Details

Source: MITRE

Published: 2014-02-18

Updated: 2014-11-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 92905 | FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
| 82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high |
| 80737 | Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation) | Nessus | Solaris Local Security Checks | high |
| 79185 | CentOS 6 : file (CESA-2014:1606) | Nessus | CentOS Local Security Checks | medium |
| 78843 | Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014) | Nessus | Scientific Linux Local Security Checks | medium |
| 78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 78527 | Oracle Linux 6 : file (ELSA-2014-1606) | Nessus | Oracle Linux Local Security Checks | medium |
| 78414 | RHEL 6 : file (RHSA-2014:1606) | Nessus | Red Hat Local Security Checks | medium |
| 8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
| 77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 77047 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806) | Nessus | Scientific Linux Local Security Checks | high |
| 77043 | Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012) | Nessus | Oracle Linux Local Security Checks | high |
| 77032 | CentOS 5 / 6 : php / php53 (CESA-2014:1012) | Nessus | CentOS Local Security Checks | high |
| 77015 | RHEL 5 / 6 : php53 and php (RHSA-2014:1012) | Nessus | Red Hat Local Security Checks | high |
| 75291 | openSUSE Security Update : file (openSUSE-SU-2014:0364-1) | Nessus | SuSE Local Security Checks | medium |
| 73233 | Amazon Linux AMI : php55 (ALAS-2014-314) | Nessus | Amazon Linux Local Security Checks | medium |
| 73232 | Amazon Linux AMI : php54 (ALAS-2014-313) | Nessus | Amazon Linux Local Security Checks | medium |
| 73058 | Amazon Linux AMI : file (ALAS-2014-304) | Nessus | Amazon Linux Local Security Checks | medium |
| 73051 | Mandriva Linux Security Advisory : php (MDVSA-2014:059) | Nessus | Mandriva Local Security Checks | medium |
| 73029 | Slackware 14.0 / 14.1 / current : php (SSA:2014-074-01) | Nessus | Slackware Local Security Checks | medium |
| 72998 | Mandriva Linux Security Advisory : file (MDVSA-2014:051) | Nessus | Mandriva Local Security Checks | medium |
| 72996 | GLSA-201403-03 : file: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 8154 | PHP 5.5.x < 5.5.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 72882 | PHP 5.5.x < 5.5.10 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 72881 | PHP 5.4.x < 5.4.26 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 72799 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerabilities (USN-2126-1) | Nessus | Ubuntu Local Security Checks | medium |
| 72790 | FreeBSD : file -- denial of service (815dbcf9-a2d6-11e3-8088-002590860428) | Nessus | FreeBSD Local Security Checks | medium |
| 72789 | Fedora 19 : file-5.11-12.fc19 (2014-2876) | Nessus | Fedora Local Security Checks | medium |
| 72758 | Debian DSA-2868-1 : php5 - denial of service | Nessus | Debian Local Security Checks | medium |
| 72720 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : file vulnerabilities (USN-2123-1) | Nessus | Ubuntu Local Security Checks | medium |
| 72656 | Fedora 20 : file-5.14-15.fc20 (2014-2739) | Nessus | Fedora Local Security Checks | medium |
| 72537 | Debian DSA-2861-1 : file - denial of service | Nessus | Debian Local Security Checks | medium |