Skip to main content

File CVE-2014-2270

MEDIUM
Buffer Overflow (CWE-119)
2014-03-14 security@debian.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 14, 2014 - 15:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

AnalysisAI

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Affected products include: File Project File, Php, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse. Version information: before 5.17.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in File

View all
CVE-2014-3478 MEDIUM POC
6.5 Jul 09

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP be

CVE-2014-3538 MEDIUM POC
5.0 Jul 03

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers

CVE-2019-8907 HIGH POC
8.8 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corrupt

CVE-2019-8904 HIGH POC
8.8 Feb 18

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_

CVE-2014-3587 MEDIUM POC
4.3 Aug 23

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component

CVE-2019-18218 HIGH POC
7.8 Oct 21

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a

CVE-2012-1571 MEDIUM POC
6.5 Jul 17

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Docume

CVE-2013-7345 MEDIUM POC
5.0 Mar 24

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildc

CVE-2014-9653 HIGH
7.5 Mar 30

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x be

CVE-2019-8906 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium s

CVE-2019-8905 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a di

CVE-2014-0207 MEDIUM
6.5 Jul 09

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30

Share

CVE-2014-2270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy