CVE-2014-8116

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
file_projectfile
5.20
freebsdfreebsd
*
mageiamageia
4.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bookworm
1:5.44-3
fixed
bullseye
1:5.39-3+deb11u1
fixed
bullseye (security)
1:5.39-3+deb11u1
fixed
sid
1:5.45-3
fixed
squeeze
not-affected
trixie
1:5.45-3
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
lucid
Fixed 5.03-5ubuntu1.5
released
precise
Fixed 5.09-2ubuntu0.6
released
trusty
Fixed 1:5.14-2ubuntu3.3
released
utopic
Fixed 1:5.19-1ubuntu1.2
released
php5
lucid
not-affected
precise
not-affected
trusty
not-affected
utopic
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
file
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
file-devel
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
file-magic
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
libmagic1
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
libmagic1-32bit
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
file
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-devel
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-libs
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-static
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
python-magic
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0040.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://seclists.org/oss-sec/2014/q4/1056
http://secunia.com/advisories/61944
http://secunia.com/advisories/62081
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71700
http://www.securitytracker.com/id/1031344
http://www.ubuntu.com/usn/USN-2494-1
https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
http://advisories.mageia.org/MGASA-2015-0040.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://seclists.org/oss-sec/2014/q4/1056
http://secunia.com/advisories/61944
http://secunia.com/advisories/62081
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71700
http://www.securitytracker.com/id/1031344
http://www.ubuntu.com/usn/USN-2494-1
https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc