CVE-2014-1943: Improper Handling of Exceptional Conditions in Free File Project Fine Free File

Severity: 5.0 MEDIUM (NVD)
EPSS: 21.5% (top 4.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18; Latest update May 17

Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

Debian: file_project/file < 1:5.17-0.1 +3
NVD: php/php 5.4.0 5.4.26 +1

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.10

🔴 Vulnerability Details (3)

GHSA: GHSA-2r4w-c5qm-vpx8: Fine Free file before 5 (2022-05-17)
OSV: CVE-2014-1943: Fine Free file before 5 (2014-02-18)
CVEList: CVE-2014-1943: Fine Free file before 5 (2014-02-18)

💥 Exploits & PoCs (1)

Exploit-DB: CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities (2019-07-15)

📋 Vendor Advisories (5)

BSD: FreeBSD-SA-14:16.file: Multiple vulnerabilities in file(1) and libmagic(3) (2014-06-24)
Ubuntu: PHP vulnerabilities (2014-03-03)
Ubuntu: file vulnerabilities (2014-02-26)
Red Hat: file: unrestricted recursion in handling of indirect type rules (2014-02-10)
Debian: CVE-2014-1943: file - Fine Free file before 5.17 allows context-dependent attackers to cause a denial ... (2014)

💬 Community (2)

Bugzilla: CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules (2014-02-17)
Bugzilla: CVE-2014-1943 file: infinite recursion [fedora-all] (2014-02-17)
CVE-2014-1943 — MEDIUM severity | cvebase