4.3
CVE-2014-2270
- EPSS 4.32%
- Veröffentlicht 14.03.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
File Project ≫ File Version < 5.17
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.32% | 0.899 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://support.apple.com/kb/HT6443
http://bugs.gw.com/view.php?id=313
http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
http://seclists.org/oss-sec/2014/q1/473
http://seclists.org/oss-sec/2014/q1/504
http://seclists.org/oss-sec/2014/q1/505
http://www.debian.org/security/2014/dsa-2873
http://www.ubuntu.com/usn/USN-2162-1
http://www.ubuntu.com/usn/USN-2163-1
https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
https://security.gentoo.org/glsa/201503-08