CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
fine_free_file_projectfine_free_file
𝑥
< 5.17
phpphp
5.4.0 ≤
𝑥
< 5.4.26
phpphp
5.5.0 ≤
𝑥
< 5.5.10
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.10
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bookworm
1:5.44-3
fixed
bullseye
1:5.39-3+deb11u1
fixed
bullseye (security)
1:5.39-3+deb11u1
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
lucid
Fixed 5.03-5ubuntu1.1
released
precise
Fixed 5.09-2ubuntu0.2
released
quantal
Fixed 5.11-2ubuntu0.1
released
saucy
Fixed 5.11-2ubuntu4.1
released
php5
lucid
Fixed 5.3.2-1ubuntu4.23
released
precise
Fixed 5.3.10-1ubuntu3.10
released
quantal
Fixed 5.4.6-1ubuntu1.7
released
saucy
Fixed 5.5.3+dfsg-1ubuntu2.2
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
file
RHEL 6
0:5.04-21.el6
fixed
file-devel
RHEL 6
0:5.04-21.el6
fixed
file-libs
RHEL 6
0:5.04-21.el6
fixed
file-static
RHEL 6
0:5.04-21.el6
fixed
php
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-bcmath
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-cli
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-common
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-dba
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-devel
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-embedded
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-enchant
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-fpm
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-gd
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-imap
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-intl
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-ldap
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-mbstring
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-mysql
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-odbc
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-pdo
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-pgsql
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-process
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-pspell
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-recode
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-snmp
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-soap
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-tidy
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-xml
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-xmlrpc
RHEL 6
0:5.3.3-27.el6_5.1
fixed
php-zts
RHEL 6
0:5.3.3-27.el6_5.1
fixed
python-magic
RHEL 6
0:5.04-21.el6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
file
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
file-debuginfo
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
file-devel
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
file-libs
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
file-static
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
php54
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-bcmath
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-cli
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-common
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-dba
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-debuginfo
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-devel
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-embedded
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-enchant
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-fpm
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-gd
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-imap
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-intl
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-ldap
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-mbstring
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-mcrypt
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-mssql
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-mysql
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-mysqlnd
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-odbc
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-pdo
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-pgsql
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-process
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-pspell
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-recode
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-snmp
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-soap
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-tidy
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-xml
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php54-xmlrpc
Amazon Linux 1
0:5.4.26-1.51.amzn1
fixed
php55
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-bcmath
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-cli
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-common
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-dba
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-debuginfo
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-devel
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-embedded
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-enchant
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-fpm
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-gd
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-gmp
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-imap
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-intl
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-ldap
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-mbstring
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-mcrypt
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-mssql
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-mysqlnd
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-odbc
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-opcache
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-pdo
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-pgsql
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-process
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-pspell
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-recode
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-snmp
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-soap
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-tidy
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-xml
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
php55-xmlrpc
Amazon Linux 1
0:5.5.10-1.67.amzn1
fixed
python-magic
Amazon Linux 1
0:5.11-13.14.amzn1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http://www.debian.org/security/2014/dsa-2868
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2123-1
http://www.ubuntu.com/usn/USN-2126-1
https://github.com/glensc/file/blob/FILE5_17/ChangeLog
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http://www.debian.org/security/2014/dsa-2868
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2123-1
http://www.ubuntu.com/usn/USN-2126-1
https://github.com/glensc/file/blob/FILE5_17/ChangeLog