Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2014-1943

Published: 18 February 2014

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Notes

AuthorNote
mdeslaur
third file commit fixes memory leak
test case: https://github.com/glensc/file/commit/f52ef08461a4bf0ab69a362d850e0397e0ab39a8

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream Needed

lucid
Released (5.3.2-1ubuntu4.23)
precise
Released (5.3.10-1ubuntu3.10)
quantal
Released (5.4.6-1ubuntu1.7)
saucy
Released (5.5.3+dfsg-1ubuntu2.2)
Patches:




upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=89f864c
upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=10eb007
file
Launchpad, Ubuntu, Debian
upstream
Released (5.17)
lucid
Released (5.03-5ubuntu1.1)
precise
Released (5.09-2ubuntu0.2)
quantal
Released (5.11-2ubuntu0.1)
saucy
Released (5.11-2ubuntu4.1)
Patches:
upstream: https://github.com/glensc/file/commit/4afb9b168906f117e32a11367761cd50fe9d4abe (backport)
upstream: https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
upstream: https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
upstream: https://github.com/glensc/file/commit/c0c0032b9e9eb57b91fefef905a3b018bab492d9