FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-2270

This CVE name corresponds to:

Entered Topic
2016-08-11 FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-03-29 file -- out-of-bounds access in search rules with offsets from input file

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-2270 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-2270
Phase Assigned(20140304)

Description

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

References

Source Reference
MLIST [oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables
MLIST [oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables
MLIST [oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables
CONFIRM http://bugs.gw.com/view.php?id=313
CONFIRM http://www.php.net/ChangeLog-5.php
CONFIRM https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
CONFIRM http://support.apple.com/kb/HT6443
DEBIAN DSA-2873
REDHAT RHSA-2014:1765
SUSE openSUSE-SU-2014:0364
SUSE openSUSE-SU-2014:0367
SUSE openSUSE-SU-2014:0435
UBUNTU USN-2162-1
UBUNTU USN-2163-1

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.