ID CVE-2014-1943
Summary Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
References
Vulnerable Configurations
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:fine_free_file_project:fine_free_file:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-11-2014 - 03:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2014:1765
rpms
  • php53-0:5.3.3-23.el5_10
  • php53-bcmath-0:5.3.3-23.el5_10
  • php53-cli-0:5.3.3-23.el5_10
  • php53-common-0:5.3.3-23.el5_10
  • php53-dba-0:5.3.3-23.el5_10
  • php53-devel-0:5.3.3-23.el5_10
  • php53-gd-0:5.3.3-23.el5_10
  • php53-imap-0:5.3.3-23.el5_10
  • php53-intl-0:5.3.3-23.el5_10
  • php53-ldap-0:5.3.3-23.el5_10
  • php53-mbstring-0:5.3.3-23.el5_10
  • php53-mysql-0:5.3.3-23.el5_10
  • php53-odbc-0:5.3.3-23.el5_10
  • php53-pdo-0:5.3.3-23.el5_10
  • php53-pgsql-0:5.3.3-23.el5_10
  • php53-process-0:5.3.3-23.el5_10
  • php53-pspell-0:5.3.3-23.el5_10
  • php53-snmp-0:5.3.3-23.el5_10
  • php53-soap-0:5.3.3-23.el5_10
  • php53-xml-0:5.3.3-23.el5_10
  • php53-xmlrpc-0:5.3.3-23.el5_10
  • php-0:5.3.3-27.el6_5.1
  • php-bcmath-0:5.3.3-27.el6_5.1
  • php-cli-0:5.3.3-27.el6_5.1
  • php-common-0:5.3.3-27.el6_5.1
  • php-dba-0:5.3.3-27.el6_5.1
  • php-devel-0:5.3.3-27.el6_5.1
  • php-embedded-0:5.3.3-27.el6_5.1
  • php-enchant-0:5.3.3-27.el6_5.1
  • php-fpm-0:5.3.3-27.el6_5.1
  • php-gd-0:5.3.3-27.el6_5.1
  • php-imap-0:5.3.3-27.el6_5.1
  • php-intl-0:5.3.3-27.el6_5.1
  • php-ldap-0:5.3.3-27.el6_5.1
  • php-mbstring-0:5.3.3-27.el6_5.1
  • php-mysql-0:5.3.3-27.el6_5.1
  • php-odbc-0:5.3.3-27.el6_5.1
  • php-pdo-0:5.3.3-27.el6_5.1
  • php-pgsql-0:5.3.3-27.el6_5.1
  • php-process-0:5.3.3-27.el6_5.1
  • php-pspell-0:5.3.3-27.el6_5.1
  • php-recode-0:5.3.3-27.el6_5.1
  • php-snmp-0:5.3.3-27.el6_5.1
  • php-soap-0:5.3.3-27.el6_5.1
  • php-tidy-0:5.3.3-27.el6_5.1
  • php-xml-0:5.3.3-27.el6_5.1
  • php-xmlrpc-0:5.3.3-27.el6_5.1
  • php-zts-0:5.3.3-27.el6_5.1
  • file-0:5.04-21.el6
  • file-devel-0:5.04-21.el6
  • file-libs-0:5.04-21.el6
  • file-static-0:5.04-21.el6
  • python-magic-0:5.04-21.el6
refmap via4
confirm
debian
  • DSA-2861
  • DSA-2868
mlist
  • [file] 20140211 segfault in magic_buffer
  • [file] 20140213 segfault in magic_buffer
  • [file] 20142010 segfault in magic_buffer
suse
  • openSUSE-SU-2014:0364
  • openSUSE-SU-2014:0367
ubuntu
  • USN-2123-1
  • USN-2126-1
Last major update 19-11-2014 - 03:00
Published 18-02-2014 - 19:55