CVE-2014-8117 — Uncontrolled Resource Consumption in Project File

CWE-399 CWE-400 — Uncontrolled Resource Consumption CWE-674 — Uncontrolled Recursion13 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

16.5%

top 5.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File Php5 Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 17

Latest updateMay 14

Description

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Debianfile_project/file< 1:5.21+15-1+3

▶NVDfile_project/file5.20

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.7

▶NVDmageia/mageia4.0

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7cj4-vm7w-5gqx: softmagic↗2022-05-14

▶

OSV

php5 vulnerabilities↗2015-03-18

▶

OSV

file vulnerabilities↗2015-02-04

▶

CVEList

CVE-2014-8117: softmagic↗2014-12-17

▶

OSV

CVE-2014-8117: softmagic↗2014-12-17

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2015-03-18

▶

Ubuntu

file vulnerabilities↗2015-02-04

▶

Red Hat

file: denial of service issue (resource consumption)↗2014-12-16

▶

BSD

FreeBSD-SA-14:28.file: Multiple vulnerabilities in file(1) and libmagic(3)↗2014-12-10

▶

Debian

CVE-2014-8117: file - softmagic.c in file before 5.21 does not properly limit recursion, which allows ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8117 file: denial of service issue (resource consumption)↗2014-12-16

▶

Bugzilla

CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]↗2014-12-16

▶