First published: Tue Feb 18 2014
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fine Free file project Fine Free file | <5.17 | |
PHP | >=5.4.0 <5.4.26 | |
PHP | >=5.5.0 <5.5.10 | |
Ubuntu Linux | =10.04 | |
Ubuntu Linux | =12.04 | |
Ubuntu Linux | =12.10 | |
Ubuntu Linux | =13.10 | |
Debian GNU/Linux | =6.0 | |
Debian GNU/Linux | =7.0 | |
CVE-2014-1943 is classified as a denial of service vulnerability due to its potential to cause infinite recursion and CPU consumption.
To fix CVE-2014-1943, update Fine Free file to version 5.17 or later, and make sure your PHP version is outside the affected ranges listed in the table above.
Fine Free file versions prior to 5.17 are affected by CVE-2014-1943.
CVE-2014-1943 impacts various operating systems including specific versions of Ubuntu and Debian.
CVE-2014-1943 can be exploited by context-dependent attackers who can supply crafted indirect offset values.