CVE-2014-2270: Improper Restriction of Operations within the Bounds of a Memory Buffer in Project File

Severity
4.3 MEDIUM (NVD)
EPSS
27.1%
top 3.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 14
Latest update: May 17

Description

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 4 packages

NVD: file_project/file < 5.17
Debian: file_project/file < 1:5.17-1 +3
NVD: php/php 5.5.0 5.5.10 +1
NVD: opensuse/opensuse 11.4, 12.3, 13.1 +2

Also affects: Debian Linux 6.0, 7.0, 8.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.10

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-33vf-9722-2226: softmagic (2022-05-17)
OSV
CVE-2014-2270: softmagic (2014-03-14)
CVEList
CVE-2014-2270: softmagic (2014-03-14)

📋 Vendor Advisories

5
BSD
FreeBSD-SA-14:16.file: Multiple vulnerabilities in file(1) and libmagic(3) (2014-06-24)
Ubuntu
file vulnerability (2014-04-07)
Ubuntu
PHP vulnerability (2014-04-07)
Debian
CVE-2014-2270: file - softmagic.c in file before 5.17 and libmagic allows context-dependent attackers ... (2014)
Red Hat
file: out-of-bounds access in search rules with offsets from input file (2013-12-20)

💬 Community

3
Bugzilla
CVE-2014-2270 file: out-of-bounds memory access when parsing Portable Executable (PE) format files [fedora-all] (2014-03-06)
Bugzilla
CVE-2014-2270 php: file: out-of-bounds memory access when parsing Portable Executable (PE) format files [fedora-all] (2014-03-06)
Bugzilla
CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file (2014-03-04)
CVE-2014-2270 — File Project File vulnerability | cvebase