CVE-2014-2270: Buffer Overflow
First published: Fri Mar 14 2014(Updated: )
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| file project file | <5.17 | |
| PHP | <5.4.26 | |
| PHP | >=5.5.0<5.5.10 | |
| Debian | =6.0 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 | |
| SUSE Linux | =11.4 | |
| SUSE Linux | =12.3 | |
| SUSE Linux | =13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gw.com/view.php?id=313
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://seclists.org/oss-sec/2014/q1/473
- http://seclists.org/oss-sec/2014/q1/504
- http://seclists.org/oss-sec/2014/q1/505
- http://support.apple.com/kb/HT6443
- http://www.debian.org/security/2014/dsa-2873
- http://www.php.net/ChangeLog-5.php
- http://www.ubuntu.com/usn/USN-2162-1
- http://www.ubuntu.com/usn/USN-2163-1
- https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
- https://security.gentoo.org/glsa/201503-08
Frequently Asked Questions
What is the severity of CVE-2014-2270?
CVE-2014-2270 has been rated as a denial of service vulnerability due to out-of-bounds memory access.
How do I fix CVE-2014-2270?
To fix CVE-2014-2270, update to the latest versions of the affected software, ensuring you are beyond the specified vulnerable versions.
What software is affected by CVE-2014-2270?
CVE-2014-2270 affects the file utility before version 5.17, PHP versions prior to 5.4.26 and between 5.5.0 and 5.5.10, as well as several versions of Debian and Ubuntu.
What type of attack exploits CVE-2014-2270?
CVE-2014-2270 can be exploited by context-dependent attackers causing a denial of service through crafted offsets in the softmagic of a PE executable.
Is CVE-2014-2270 a critical vulnerability?
While CVE-2014-2270 is not classified as critical, it does pose a significant risk due to its potential to disrupt services.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/file project
- canonical/file project file
- vendor/php
- canonical/php
- version/php/5.5.0
- vendor/debian
- canonical/debian
- version/debian/6.0
- version/debian/7.0
- version/debian/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10
- vendor/opensuse
- canonical/suse linux
- version/suse linux/11.4
- version/suse linux/12.3
- version/suse linux/13.1