Vulnerability Details : CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2014-2270
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*
Threat overview for CVE-2014-2270
- Top countries where our scanners detected CVE-2014-2270: (map not reproduced)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2014-2270: 159,500
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-2270
- Probability of exploitation activity in the next 30 days: 95.86%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~99%
CVSS scores for CVE-2014-2270
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-2270
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2270
- http://www.ubuntu.com/usn/USN-2163-1
  USN-2163-1: PHP vulnerability | Ubuntu security notices [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2162-1
  USN-2162-1: file vulnerability | Ubuntu security notices [Third Party Advisory]
- http://support.apple.com/kb/HT6443
  About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
  openSUSE-SU-2014:0435-1: moderate: file: fixed off-by-one errors [Mailing List; Third Party Advisory]
- https://security.gentoo.org/glsa/201503-08
  file: Denial of Service (GLSA 201503-08) — Gentoo security [Third Party Advisory]
- http://seclists.org/oss-sec/2014/q1/505
  oss-sec: Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables [Mailing List; Patch; Third Party Advisory]
- http://www.debian.org/security/2014/dsa-2873
  Debian -- Security Information -- DSA-2873-1 file [Third Party Advisory]
- http://seclists.org/oss-sec/2014/q1/473
  oss-sec: CVE Request: file: crashes when checking softmagic for some corrupt PE executables [Mailing List; Patch; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
  RHSA-2014:1765 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
  openSUSE-SU-2014:0364-1: moderate: file: security fixes [Mailing List; Third Party Advisory]
- http://bugs.gw.com/view.php?id=313
  [Broken Link; Patch]
- https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
  PR/313: Aaron Reffett: Check properly for exceeding the offset. · file/file@4475585 · GitHub [Patch; Third Party Advisory]
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog [Release Notes; Vendor Advisory]
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
  openSUSE-SU-2014:0367-1: moderate: file: security fixes [Mailing List; Third Party Advisory]
- http://seclists.org/oss-sec/2014/q1/504
  oss-sec: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables [Mailing List; Patch; Third Party Advisory]