ID CVE-2014-8117
Summary softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:file_project:file:3.27:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.28:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.30:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.31:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.32:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.33:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.34:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.35:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.36:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.37:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.38:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.39:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.40:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.40:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.41:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.00:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.00:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.02:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.03:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.04:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.05:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.05:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.06:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.06:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.07:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.07:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.08:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.08:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.09:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.09:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.10:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.11:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.12:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.13:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.14:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.15:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.16:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.17:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.18:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.19:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.20:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.21:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.22:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.23:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.23:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.24:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.24:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.25:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.25:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.26:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:4.26:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.00:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.00:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.02:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.03:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.03:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.04:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.04:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.05:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.05:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.06:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.06:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.07:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.07:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2016:0760
rpms
  • file-0:5.11-31.el7
  • file-devel-0:5.11-31.el7
  • file-libs-0:5.11-31.el7
  • file-static-0:5.11-31.el7
  • python-magic-0:5.11-31.el7
  • file-0:5.04-30.el6
  • file-devel-0:5.04-30.el6
  • file-libs-0:5.04-30.el6
  • file-static-0:5.04-30.el6
  • python-magic-0:5.04-30.el6
refmap via4
bid 71692
confirm
freebsd FreeBSD-SA-14:28
mlist [oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117
sectrack 1031344
secunia
  • 61944
  • 62081
ubuntu
  • USN-2494-1
  • USN-2535-1
Last major update 05-01-2018 - 02:29
Published 17-12-2014 - 19:59
Back to Top