CVE-2014-2270

medium

Description

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

References

http://bugs.gw.com/view.php?id=313

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html

http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html

http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://seclists.org/oss-sec/2014/q1/473

http://seclists.org/oss-sec/2014/q1/504

http://seclists.org/oss-sec/2014/q1/505

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2873

http://www.php.net/ChangeLog-5.php

http://www.ubuntu.com/usn/USN-2162-1

http://www.ubuntu.com/usn/USN-2163-1

https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801

https://security.gentoo.org/glsa/201503-08

Details

Source: MITRE

Published: 2014-03-14

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins


ID | Name | Product | Family | Severity
124927 | EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424) | Nessus | Huawei Local Security Checks | high
92905 | FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium
82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high
82128 | Debian DLA-145-1 : php5 security update | Nessus | Debian Local Security Checks | medium
82007 | GLSA-201503-08 : file: Denial of Service | Nessus | Gentoo Local Security Checks | medium
80737 | Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation) | Nessus | Solaris Local Security Checks | high
79185 | CentOS 6 : file (CESA-2014:1606) | Nessus | CentOS Local Security Checks | medium
78843 | Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014) | Nessus | Scientific Linux Local Security Checks | medium
78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high
78527 | Oracle Linux 6 : file (ELSA-2014-1606) | Nessus | Oracle Linux Local Security Checks | medium
78414 | RHEL 6 : file (RHSA-2014:1606) | Nessus | Red Hat Local Security Checks | medium
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
77047 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806) | Nessus | Scientific Linux Local Security Checks | high
77043 | Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012) | Nessus | Oracle Linux Local Security Checks | high
77032 | CentOS 5 / 6 : php / php53 (CESA-2014:1012) | Nessus | CentOS Local Security Checks | high
77015 | RHEL 5 / 6 : php53 and php (RHSA-2014:1012) | Nessus | Red Hat Local Security Checks | high
75306 | openSUSE Security Update : file (openSUSE-SU-2014:0435-1) | Nessus | SuSE Local Security Checks | medium
75291 | openSUSE Security Update : file (openSUSE-SU-2014:0364-1) | Nessus | SuSE Local Security Checks | medium
74279 | Debian DSA-2943-1 : php5 - security update | Nessus | Debian Local Security Checks | high
74087 | SuSE 11.3 Security Update : file (SAT Patch Number 9066) | Nessus | SuSE Local Security Checks | medium
73400 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerability (USN-2163-1) | Nessus | Ubuntu Local Security Checks | medium
73399 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : file vulnerability (USN-2162-1) | Nessus | Ubuntu Local Security Checks | medium
73267 | FreeBSD : file -- out-of-bounds access in search rules with offsets from input file (7e61a839-b714-11e3-8195-001966155bea) | Nessus | FreeBSD Local Security Checks | medium
73233 | Amazon Linux AMI : php55 (ALAS-2014-314) | Nessus | Amazon Linux Local Security Checks | medium
73232 | Amazon Linux AMI : php54 (ALAS-2014-313) | Nessus | Amazon Linux Local Security Checks | medium
73217 | Fedora 19 : file-5.11-13.fc19 (2014-3589) | Nessus | Fedora Local Security Checks | medium
73051 | Mandriva Linux Security Advisory : php (MDVSA-2014:059) | Nessus | Mandriva Local Security Checks | medium
73040 | Fedora 19 : php-5.5.10-1.fc19 (2014-3537) | Nessus | Fedora Local Security Checks | medium
72998 | Mandriva Linux Security Advisory : file (MDVSA-2014:051) | Nessus | Mandriva Local Security Checks | medium
72974 | Fedora 20 : file-5.14-17.fc20 (2014-3606) | Nessus | Fedora Local Security Checks | medium
72952 | Debian DSA-2873-1 : file - several vulnerabilities | Nessus | Debian Local Security Checks | medium
8154 | PHP 5.5.x < 5.5.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high
72892 | Fedora 20 : php-5.5.10-1.fc20 (2014-3534) | Nessus | Fedora Local Security Checks | medium
72882 | PHP 5.5.x < 5.5.10 Multiple Vulnerabilities | Nessus | CGI abuses | medium
72881 | PHP 5.4.x < 5.4.26 Multiple Vulnerabilities | Nessus | CGI abuses | medium