what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2014-8117

Status Candidate

Overview

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

Related Files

Red Hat Security Advisory 2016-0760-01
Posted May 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0760-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653
MD5 | 2e3ee6fc54a9e04d8e7d163dfd9da4d7
Red Hat Security Advisory 2015-2155-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2155-07 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9652, CVE-2014-9653
MD5 | 40f106cc619275ee139fc296047437b0
Mandriva Linux Security Advisory 2015-080
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-8116, CVE-2014-8117, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2014-9620
MD5 | 2de4bba25e6adea40f424ff2a5af9a53
Ubuntu Security Notice USN-2535-1
Posted Mar 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2535-1 - Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301
MD5 | 66667b847e3e8e7e608b5c793858b855
Ubuntu Security Notice USN-2494-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2494-1 - Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
MD5 | efc916bd2def482c0d2017000579c0c0
Mandriva Linux Security Advisory 2015-010
Posted Jan 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-010 - Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption. Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled recursion. The updated file packages has been upgraded to the latest 5.22 version which is not vulnerable to these issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8116, CVE-2014-8117
MD5 | 5dddb94bc28f7d85709db51364a82d7f
Debian Security Advisory 3121-1
Posted Jan 8, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3121-1 - Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-8116, CVE-2014-8117
MD5 | 53d06fd05edb1b2816f774d044ffac9f
Gentoo Linux Security Advisory 201412-48
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-48 - A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.21 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8117
MD5 | 7b9921ce4e139f50f8eeb95b7bab0ce0
FreeBSD Security Advisory - file / libmagic Denial Of Service
Posted Dec 10, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
MD5 | 5c39786c6e9f552f14d38694736de171
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    1 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close