CVE-2014-8117 - softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to

CVE-2014-8117

Summary

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:file_project:file:3.27:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.27:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.28:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.28:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.30:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.30:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.31:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.31:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.32:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.32:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.33:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.33:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.34:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.34:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.35:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.35:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.36:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.36:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.37:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.37:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.38:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.38:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.39:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.39:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.40:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.40:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.41:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:3.41:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.00:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.00:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.01:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.01:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.02:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.02:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.03:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.03:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.04:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.04:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.05:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.05:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.06:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.06:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.07:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.07:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.08:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.08:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.09:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.09:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.10:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.10:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.11:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.11:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.12:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.12:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.13:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.13:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.14:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.14:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.15:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.15:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.16:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.16:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.17:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.17:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.18:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.18:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.19:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.19:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.20:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.20:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.21:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.21:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.22:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.22:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.23:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.23:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.24:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.24:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.25:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.25:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.26:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:4.26:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.00:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.00:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.01:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.01:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.02:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.02:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.03:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.03:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.04:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.04:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.05:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.05:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.06:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.06:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.07:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.07:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2016:0760

rpms

file-0:5.11-31.el7
file-debuginfo-0:5.11-31.el7
file-devel-0:5.11-31.el7
file-libs-0:5.11-31.el7
file-static-0:5.11-31.el7
python-magic-0:5.11-31.el7
file-0:5.04-30.el6
file-debuginfo-0:5.04-30.el6
file-devel-0:5.04-30.el6
file-libs-0:5.04-30.el6
file-static-0:5.04-30.el6
python-magic-0:5.04-30.el6

refmap via4

bid	71692
confirm	http://advisories.mageia.org/MGASA-2015-0040.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
freebsd	FreeBSD-SA-14:28
mlist	[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117
sectrack	1031344
secunia	61944 62081
ubuntu	USN-2494-1 USN-2535-1

Last major update

05-01-2018 - 02:29

Published

17-12-2014 - 19:59

Last modified

05-01-2018 - 02:29