CVE-2014-2270

MEDIUM

Description

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

References

http://bugs.gw.com/view.php?id=313

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html

http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html

http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://seclists.org/oss-sec/2014/q1/473

http://seclists.org/oss-sec/2014/q1/504

http://seclists.org/oss-sec/2014/q1/505

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2873

http://www.php.net/ChangeLog-5.php

http://www.ubuntu.com/usn/USN-2162-1

http://www.ubuntu.com/usn/USN-2163-1

https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801

https://security.gentoo.org/glsa/201503-08

Details

Source: MITRE

Published: 2014-03-14

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*

cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* versions up to 5.16 (inclusive)

Configuration 2

OR

cpe:2.3:a:tim_robbins:libmagic:-:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
124927EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)NessusHuawei Local Security Checks
high
92905FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)NessusFreeBSD Local Security Checks
medium
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82128Debian DLA-145-1 : php5 security updateNessusDebian Local Security Checks
medium
82007GLSA-201503-08 : file: Denial of ServiceNessusGentoo Local Security Checks
medium
80737Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)NessusSolaris Local Security Checks
high
79185CentOS 6 : file (CESA-2014:1606)NessusCentOS Local Security Checks
medium
78843Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014)NessusScientific Linux Local Security Checks
medium
78556PHP 5.6.0 Multiple VulnerabilitiesNessusCGI abuses
high
78527Oracle Linux 6 : file (ELSA-2014-1606)NessusOracle Linux Local Security Checks
medium
78414RHEL 6 : file (RHSA-2014:1606)NessusRed Hat Local Security Checks
medium
8394Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)Nessus Network MonitorWeb Clients
critical
77748Mac OS X 10.9.x < 10.9.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
77455GLSA-201408-11 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
77047Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806)NessusScientific Linux Local Security Checks
high
77043Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012)NessusOracle Linux Local Security Checks
high
77032CentOS 5 / 6 : php / php53 (CESA-2014:1012)NessusCentOS Local Security Checks
high
77015RHEL 5 / 6 : php53 and php (RHSA-2014:1012)NessusRed Hat Local Security Checks
high
75306openSUSE Security Update : file (openSUSE-SU-2014:0435-1)NessusSuSE Local Security Checks
medium
75291openSUSE Security Update : file (openSUSE-SU-2014:0364-1)NessusSuSE Local Security Checks
medium
74279Debian DSA-2943-1 : php5 - security updateNessusDebian Local Security Checks
high
74087SuSE 11.3 Security Update : file (SAT Patch Number 9066)NessusSuSE Local Security Checks
medium
73400Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerability (USN-2163-1)NessusUbuntu Local Security Checks
medium
73399Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : file vulnerability (USN-2162-1)NessusUbuntu Local Security Checks
medium
73267FreeBSD : file -- out-of-bounds access in search rules with offsets from input file (7e61a839-b714-11e3-8195-001966155bea)NessusFreeBSD Local Security Checks
medium
73233Amazon Linux AMI : php55 (ALAS-2014-314)NessusAmazon Linux Local Security Checks
medium
73232Amazon Linux AMI : php54 (ALAS-2014-313)NessusAmazon Linux Local Security Checks
medium
73217Fedora 19 : file-5.11-13.fc19 (2014-3589)NessusFedora Local Security Checks
medium
73051Mandriva Linux Security Advisory : php (MDVSA-2014:059)NessusMandriva Local Security Checks
medium
73040Fedora 19 : php-5.5.10-1.fc19 (2014-3537)NessusFedora Local Security Checks
medium
72998Mandriva Linux Security Advisory : file (MDVSA-2014:051)NessusMandriva Local Security Checks
medium
72974Fedora 20 : file-5.14-17.fc20 (2014-3606)NessusFedora Local Security Checks
medium
72952Debian DSA-2873-1 : file - several vulnerabilitiesNessusDebian Local Security Checks
medium
8154PHP 5.5.x < 5.5.10 Multiple Vulnerabilities Nessus Network MonitorWeb Servers
high
72892Fedora 20 : php-5.5.10-1.fc20 (2014-3534)NessusFedora Local Security Checks
medium
72882PHP 5.5.x < 5.5.10 Multiple VulnerabilitiesNessusCGI abuses
medium
72881PHP 5.4.x < 5.4.26 Multiple VulnerabilitiesNessusCGI abuses
medium