FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-1943

This CVE name corresponds to:

Entered Topic
2016-08-11 FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-03-03 file -- denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-1943
Phase Assigned(20140210)

Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

References

Source Reference
MLIST [file] 20140211 segfault in magic_buffer
MLIST [file] 20140211 segfault in magic_buffer
MLIST [file] 20140213 segfault in magic_buffer
MLIST [file] 20142010 segfault in magic_buffer
CONFIRM https://github.com/glensc/file/blob/FILE5_17/ChangeLog
CONFIRM http://www.php.net/ChangeLog-5.php
CONFIRM http://support.apple.com/kb/HT6443
DEBIAN DSA-2861
DEBIAN DSA-2868
REDHAT RHSA-2014:1765
SUSE openSUSE-SU-2014:0364
SUSE openSUSE-SU-2014:0367
UBUNTU USN-2123-1
UBUNTU USN-2126-1