Computer Security
[EN] securityvulns.ru no-pyccku


file utility / libmagic / PHP DoS
updated since 18.02.2014
Published:04.05.2014
Source:
SecurityVulns ID:13572
Type:library
Threat Level:
5/10
Description:Infinite recursion on some file types detection, buffer overread, CPU exhaustion.
Affected:FILE : file 5.11
CVE:CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.)
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.)
 CVE-2013-7345 (The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.)
Original documentdocumentSLACKWARE, [slackware-security] php (SSA:2014-111-02) (04.05.2014)
 documentDEBIAN, [SECURITY] [DSA 2873-1] file security update (13.03.2014)
 documentDEBIAN, [SECURITY] [DSA 2861-1] file security update (18.02.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod