CVE-2014-2270

Published: 14/03/2014 Updated: 01/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

softmagic.c in file prior to 5.17 and libmagic allows context-dependent malicious users to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Vendor Advisories

Debian Bug report logs - #703993: file: possible DoS in awk magic. Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file (PTS, buildd, popcon). Reported by: Carsten Wolff <carsten@wolffcarsten.de>; Date: Tue, 26 Mar 2013 14:48:02 UTC; Severity: important; Tags: ...
Debian Bug report logs - #740960: php5: CVE-2014-2270: out-of-bounds memory access in fileinfo. Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 6 Mar 2014 17:57:02 UTC; Severity: important; Tags ...
File could be made to crash if it processed a specially crafted file ...
PHP could be made to crash if it processed a specially crafted file ...
Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185: The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability (CVE-2014-0185) in PHP FPM that allowed any local user to run a PHP code under the ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows ...