CVE-2014-1943 — MEDIUM (5.0)

Q: What is CVE-2014-1943?

CVE-2014-1943 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Q: How severe is CVE-2014-1943?

CVE-2014-1943 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1943?

Check the references section above for vendor advisories and patch information. Affected products include: Fine Free File Project Fine Free File, Php Php, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Fine Free File Project	Fine Free File	< 5.17
Php	Php	>= 5.4.0, < 5.4.26
Canonical	Ubuntu Linux	10.04
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-755

References

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.htmlMailing ListTool Signature
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.htmlMailing ListTool Signature
http://mx.gw.com/pipermail/file/2014/001327.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001330.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001334.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001337.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://support.apple.com/kb/HT6443Third Party Advisory
http://www.debian.org/security/2014/dsa-2861Third Party Advisory
http://www.debian.org/security/2014/dsa-2868Third Party Advisory
http://www.php.net/ChangeLog-5.phpRelease NotesVendor Advisory
http://www.ubuntu.com/usn/USN-2123-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2126-1Third Party Advisory
https://github.com/glensc/file/blob/FILE5_17/ChangeLogRelease NotesThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.htmlMailing ListTool Signature

FAQ

What is CVE-2014-1943?

CVE-2014-1943 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

How severe is CVE-2014-1943?

CVE-2014-1943 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1943?

Check the references section above for vendor advisories and patch information. Affected products include: Fine Free File Project Fine Free File, Php Php, Canonical Ubuntu Linux, Debian Debian Linux.