CVE-2014-2270

Published: 14/03/2014 Updated: 28/10/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

softmagic.c in file prior to 5.17 and libmagic allows context-dependent malicious users to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Vulnerable Product

file project file

php php

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 6.0

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

opensuse opensuse 12.3

opensuse opensuse 11.4

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #703993 file: possible DoS in awk magic. Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file (PTS, buildd, popcon). Reported by: Carsten Wolff <carsten@wolffcarsten.de>. Date: Tue, 26 Mar 2013 14:48:02 UTC. Severity: important. Tags: ...
Debian Bug report logs - #740960 php5: CVE-2014-2270: out-of-bounds memory access in fileinfo. Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 6 Mar 2014 17:57:02 UTC. Severity: important. Tags ...
PHP could be made to crash if it processed a specially crafted file ...
File could be made to crash if it processed a specially crafted file ...
Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185: The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability (CVE-2014-0185) in PHP FPM that allowed any local user to run a PHP code under the ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU ...