Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1943

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-1943
Last Modified 18 Nov 2014 10:00:21
Published 18 Feb 2014 02:55:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1943

Summary

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Vulnerable Systems

Application

  • Fine Free File Project Fine Free File 5.0

  • Fine Free File Project Fine Free File 5.1

  • Fine Free File Project Fine Free File 5.10

  • Fine Free File Project Fine Free File 5.11

  • Fine Free File Project Fine Free File 5.12

  • Fine Free File Project Fine Free File 5.13

  • Fine Free File Project Fine Free File 5.14

  • Fine Free File Project Fine Free File 5.15

  • Fine Free File Project Fine Free File 5.16

  • Fine Free File Project Fine Free File 5.2

  • Fine Free File Project Fine Free File 5.3

  • Fine Free File Project Fine Free File 5.4

  • Fine Free File Project Fine Free File 5.7

  • Fine Free File Project Fine Free File 5.8

  • Fine Free File Project Fine Free File 5.9


References

CONFIRM - https://github.com/glensc/file/blob/FILE5_17/ChangeLog

DEBIAN - DSA-2861

MLIST - [file] 20140213 segfault in magic_buffer

MLIST - [file] 20140211 segfault in magic_buffer

MLIST - [file] 20142010 segfault in magic_buffer

DEBIAN - DSA-2868

UBUNTU - USN-2126-1

UBUNTU - USN-2123-1

CONFIRM - http://www.php.net/ChangeLog-5.php

SUSE - openSUSE-SU-2014:0367

SUSE - openSUSE-SU-2014:0364

CONFIRM - http://support.apple.com/kb/HT6443

REDHAT - RHSA-2014:1765

Related Patches

Apple 2014-09-17 Mac OS X 10.9.5 Update

Apple 2014-09-17 Mac OS X 10.9.5 Combo Update


Last Updated: 27 May 2016 11:04:46