CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-9621 – Ubuntu Security Notice USN-3686-1
https://notcve.org/view.php?id=CVE-2014-9621
21 Jan 2015 — The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. El analizador ELF en file 5.16 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de una cadena larga. Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2014-8116 – file: multiple denial of service issues (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8116
10 Dec 2014 — The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. El intérprete ELF (readelf.c) en versiones anteriores a 5.21, permite a atacantes remotos, provocar una denegaci?o de servicio (consumo de CPU o rotura) mediante un número largo de (1) programa o (2) cabeceras de sección o (3) capacidades no válidas. Multiple flaws were found in the way the File In... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 0CVE-2014-8117 – file: denial of service issue (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8117
10 Dec 2014 — softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. softmagic.c en archivo anterior a 5.21 no limita adecuadamente el límite de recursividad, esto permite a atacantes remotos, provocar una denegación de servicio (consumo de CPU o rotura) mediante vectores no especificados. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 6.2EPSS: 18%CPEs: 88EXPL: 2CVE-2014-3587 – file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
https://notcve.org/view.php?id=CVE-2014-3587
21 Aug 2014 — Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. Desbordamiento de enteros en la función cdf_read_property_info en cdf.c en ficheros hasta 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.32 y 5.5.x ant... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 12%CPEs: 8EXPL: 0CVE-2014-3480 – file: cdf_count_chain insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3480
09 Jul 2014 — The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_count_chain function en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente datos de la cuenta de sectores, lo que permi... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.1EPSS: 31%CPEs: 79EXPL: 1CVE-2014-3478 – file: mconvert incorrect handling of truncated pascal string size
https://notcve.org/view.php?id=CVE-2014-3478
09 Jul 2014 — Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. Desbordamiento de buffer en la función mconvert en softmagic.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegació... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 12%CPEs: 8EXPL: 0CVE-2014-3479 – file: cdf_check_stream_offset insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3479
09 Jul 2014 — The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. La función cdf_check_stream_offset en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, depende de datos de tamaño de sectores incorrect... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.1EPSS: 17%CPEs: 8EXPL: 0CVE-2014-3487 – file: cdf_read_property_info insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3487
09 Jul 2014 — The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_read_property_info en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente un desplazamiento de flujo, lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 11%CPEs: 8EXPL: 0CVE-2014-0207 – file: cdf_read_short_sector insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-0207
09 Jul 2014 — The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. La función cdf_read_short_sector en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 8%CPEs: 23EXPL: 4CVE-2014-3538 – file: unrestricted regular expression matching
https://notcve.org/view.php?id=CVE-2014-3538
03 Jul 2014 — file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. file anterior a 5.19 no restringe debidamente la cantidad de datos leídos durante una búsqueda regex, lo que permite a atacantes remotos causar una denegación de servicio (consumo de C... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-399: Resource Management Errors •