CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Published: Feb 18, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1943
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-755

Affected Software
References

Software	From	Fixed in
fine_free_file_project / fine_free_file	-	5.17
php / php	5.5.0	5.5.10
php / php	5.4.0	5.4.26
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	12.04	12.04.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http://www.debian.org/security/2014/dsa-2868
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2123-1
http://www.ubuntu.com/usn/USN-2126-1
https://github.com/glensc/file/blob/FILE5_17/ChangeLog

Vulnerability Database

CVE-2014-1943