CVE-2014-2270

EPSS 43.46%
Published 14.03.2014 15:55:05
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

File Project ≫ File Version < 5.17

Php ≫ Php Version < 5.4.26

Php ≫ Php Version >= 5.5.0 < 5.5.10

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.10

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.3

Opensuse ≫ Opensuse Version13.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	43.46%	0.974

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.php.net/ChangeLog-5.php

Vendor Advisory

Release Notes

http://rhn.redhat.com/errata/RHSA-2014-1765.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT6443