CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
file_projectfile
𝑥
≤ 5.20
freebsdfreebsd
*
mageiamageia
4.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bookworm
1:5.44-3
fixed
bullseye
1:5.39-3+deb11u1
fixed
bullseye (security)
1:5.39-3+deb11u1
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
lucid
Fixed 5.03-5ubuntu1.5
released
precise
Fixed 5.09-2ubuntu0.6
released
trusty
Fixed 1:5.14-2ubuntu3.3
released
utopic
Fixed 1:5.19-1ubuntu1.2
released
php5
lucid
Fixed 5.3.2-1ubuntu4.29
released
precise
Fixed 5.3.10-1ubuntu3.17
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.7
released
utopic
Fixed 5.5.12+dfsg-2ubuntu4.3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
file
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
file-devel
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
file-magic
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
libmagic1
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
libmagic1-32bit
suse enterprise desktop 15
5.32-5.22
fixed
suse enterprise desktop 15 SP1
5.32-7.5.1
fixed
suse enterprise desktop 15 SP2
5.32-7.8.1
fixed
suse enterprise desktop 15 SP3
5.32-7.11.2
fixed
suse enterprise desktop 15 SP4
5.32-7.14.1
fixed
suse enterprise desktop 15 SP5
5.32-7.14.1
fixed
suse enterprise desktop 15 SP6
5.32-7.14.1
fixed
suse enterprise desktop 15 SP7
5.32-7.14.1
fixed
suse enterprise sap 12
5.19-9.1
fixed
suse enterprise sap 12 SP2
5.22-10.3.1
fixed
suse enterprise sap 12 SP3
5.22-10.3.1
fixed
suse enterprise sap 12 SP5
5.22-10.12.2
fixed
suse enterprise sap 15
5.32-5.22
fixed
suse enterprise sap 15 SP1
5.32-7.5.1
fixed
suse enterprise sap 15 SP2
5.32-7.8.1
fixed
suse enterprise sap 15 SP3
5.32-7.11.2
fixed
suse enterprise sap 15 SP4
5.32-7.14.1
fixed
suse enterprise sap 15 SP5
5.32-7.14.1
fixed
suse enterprise sap 15 SP6
5.32-7.14.1
fixed
suse enterprise sap 15 SP7
5.32-7.14.1
fixed
suse enterprise server 12
5.19-9.1
fixed
suse enterprise server 12 SP2
5.22-10.3.1
fixed
suse enterprise server 12 SP3
5.22-10.3.1
fixed
suse enterprise server 12 SP5
5.22-10.12.2
fixed
suse enterprise server 15
5.32-5.22
fixed
suse enterprise server 15 SP1
5.32-7.5.1
fixed
suse enterprise server 15 SP2
5.32-7.8.1
fixed
suse enterprise server 15 SP3
5.32-7.11.2
fixed
suse enterprise server 15 SP4
5.32-7.14.1
fixed
suse enterprise server 15 SP5
5.32-7.14.1
fixed
suse enterprise server 15 SP6
5.32-7.14.1
fixed
suse enterprise server 15 SP7
5.32-7.14.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
file
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-devel
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-libs
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
file-static
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
python-magic
RHEL 6
0:5.04-30.el6
fixed
RHEL 7
0:5.11-31.el7
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0040.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://seclists.org/oss-sec/2014/q4/1056
http://secunia.com/advisories/61944
http://secunia.com/advisories/62081
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71692
http://www.securitytracker.com/id/1031344
http://www.ubuntu.com/usn/USN-2494-1
http://www.ubuntu.com/usn/USN-2535-1
https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
http://advisories.mageia.org/MGASA-2015-0040.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://seclists.org/oss-sec/2014/q4/1056
http://secunia.com/advisories/61944
http://secunia.com/advisories/62081
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71692
http://www.securitytracker.com/id/1031344
http://www.ubuntu.com/usn/USN-2494-1
http://www.ubuntu.com/usn/USN-2535-1
https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc