USN-2278-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2278-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-2278-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2278-1
Related
  • CVE-2013-7345
  • CVE-2014-0207
  • CVE-2014-3478
  • CVE-2014-3479
  • CVE-2014-3480
  • CVE-2014-3487
  • CVE-2014-3538
Published
2014-07-15T17:43:43.487183Z
Modified
2014-07-15T17:43:43.487183Z
Summary
file vulnerabilities
Details

Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2013-7345)

Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

Jan Kalu┼ża discovered that file did not properly restrict the amount of data read during regex searches. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2014-3538)

References

Affected packages

Ubuntu:14.04:LTS / file

Package

Name
file

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:5.14-2ubuntu3.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "python-magic": "1:5.14-2ubuntu3.1",
            "file": "1:5.14-2ubuntu3.1",
            "libmagic-dev": "1:5.14-2ubuntu3.1",
            "libmagic1": "1:5.14-2ubuntu3.1",
            "python3-magic": "1:5.14-2ubuntu3.1"
        }
    ]
}