Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2270

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2270
Last Modified 18 Nov 2014 10:00:29
Published 14 Mar 2014 11:55:05
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2270

Summary

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Vulnerable Systems

Application

  • Christos Zoulas File 5.00

  • Christos Zoulas File 5.01

  • Christos Zoulas File 5.02

  • Christos Zoulas File 5.03

  • Christos Zoulas File 5.04

  • Christos Zoulas File 5.05

  • Christos Zoulas File 5.06

  • Christos Zoulas File 5.07

  • Christos Zoulas File 5.08

  • Christos Zoulas File 5.09

  • Christos Zoulas File 5.10

  • Christos Zoulas File 5.11

  • Christos Zoulas File 5.12

  • Christos Zoulas File 5.13

  • Christos Zoulas File 5.14

  • Christos Zoulas File 5.15

  • Christos Zoulas File 5.16

  • Tim Robbins Libmagic -


References

CONFIRM - https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801

CONFIRM - http://bugs.gw.com/view.php?id=313

CONFIRM - http://www.php.net/ChangeLog-5.php

DEBIAN - DSA-2873

MLIST - [oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables

MLIST - [oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables

SUSE - openSUSE-SU-2014:0367

SUSE - openSUSE-SU-2014:0364

SUSE - openSUSE-SU-2014:0435

UBUNTU - USN-2163-1

UBUNTU - USN-2162-1

CONFIRM - http://support.apple.com/kb/HT6443

REDHAT - RHSA-2014:1765

Related Patches

Apple 2014-09-17 Mac OS X 10.9.5 Update

Apple 2014-09-17 Mac OS X 10.9.5 Combo Update


Last Updated: 27 May 2016 11:05:02