what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2014-2270

Status Candidate

Overview

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Related Files

Mandriva Linux Security Advisory 2015-080
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-8116, CVE-2014-8117, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2014-9620
SHA-256 | c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956
Gentoo Linux Security Advisory 201503-08
Posted Mar 18, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-8 - Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.22 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2270, CVE-2014-9620, CVE-2014-9621
SHA-256 | ead380517caeb1d470c125f906392d70fc04b69f3f20901f9d95e08e43889470
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
SHA-256 | 362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367b
Red Hat Security Advisory 2014-1606-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1606-02 - The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-1571, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480
SHA-256 | abe0ed469d7ae83d0ad40aebd791f00a02439feaa1060a6f6cfecd1c3806dafe
Apple Security Advisory 2014-09-17-3
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381
SHA-256 | 4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0
Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
SHA-256 | 603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1
Red Hat Security Advisory 2014-1012-01
Posted Aug 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1012-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. Two denial of service flaws were found in the way the File Information extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

tags | advisory, remote, web, denial of service, php
systems | linux, redhat
advisories | CVE-2012-1571, CVE-2013-6712, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721
SHA-256 | 75d69ed5db0c26d8fff244ccb4d6071a528c9b06c9770c22a68c4d391a8305a7
FreeBSD Security Advisory - file / libmagic
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.

tags | advisory
systems | freebsd
advisories | CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
SHA-256 | 55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77
Debian Security Advisory 2943-1
Posted Jun 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2943-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-2270
SHA-256 | 14ceb25eecc0ebf2b0e99e958e18bd4f806ab39310e6a3cccdc09f253ced106d
Ubuntu Security Notice USN-2163-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2163-1 - It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2014-2270
SHA-256 | 0d091488d02a2ca4f7952cb6422ce82ecaf309d9b79a81b19e91969a3b2faf20
Ubuntu Security Notice USN-2162-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2162-1 - It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-2270
SHA-256 | b4dd95e2b702ef1f1d6c8585d60662427e21c67c1030d55acf046c239cb3f865
Mandriva Linux Security Advisory 2014-059
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities has been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7327, CVE-2014-1943, CVE-2014-2270
SHA-256 | 95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456
Mandriva Linux Security Advisory 2014-051
Posted Mar 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-051 - It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. Additionally, other well-crafted files might result in long computation times and overlong results. A flaw was found in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code. A memory leak in file has also been fixed. The affected packages have been upgraded to the 5.12 version and patched to correct these flaws.

tags | advisory, arbitrary, memory leak
systems | linux, windows, mandriva
advisories | CVE-2014-1943, CVE-2014-2270
SHA-256 | 279824ee2cc767c988c6f20272e49c97a4ed11a71b33721f4a621432894306b0
Debian Security Advisory 2873-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2873-1 - Several vulnerabilities have been found in file, a file type classification tool.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2270
SHA-256 | c2bf451d0b46c8fcb229f218a01ef4754b2b29f78fd5d1334ba90adc167e6302
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close