CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
fine_free_file_projectfine_free_file
𝑥
< 5.17
phpphp
5.4.0 ≤
𝑥
< 5.4.26
phpphp
5.5.0 ≤
𝑥
< 5.5.10
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.10
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bullseye (security)
1:5.39-3+deb11u1
fixed
bullseye
1:5.39-3+deb11u1
fixed
bookworm
1:5.44-3
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
saucy
Fixed 5.11-2ubuntu4.1
released
quantal
Fixed 5.11-2ubuntu0.1
released
precise
Fixed 5.09-2ubuntu0.2
released
lucid
Fixed 5.03-5ubuntu1.1
released
php5
saucy
Fixed 5.5.3+dfsg-1ubuntu2.2
released
quantal
Fixed 5.4.6-1ubuntu1.7
released
precise
Fixed 5.3.10-1ubuntu3.10
released
lucid
Fixed 5.3.2-1ubuntu4.23
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http://www.debian.org/security/2014/dsa-2868
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2123-1
http://www.ubuntu.com/usn/USN-2126-1
https://github.com/glensc/file/blob/FILE5_17/ChangeLog
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http://www.debian.org/security/2014/dsa-2868
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2123-1
http://www.ubuntu.com/usn/USN-2126-1
https://github.com/glensc/file/blob/FILE5_17/ChangeLog