CVSS: 6.2EPSS: 5%CPEs: 23EXPL: 4CVE-2014-3538 – file: unrestricted regular expression matching
https://notcve.org/view.php?id=CVE-2014-3538
03 Jul 2014 — file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. file anterior a 5.19 no restringe debidamente la cantidad de datos leídos durante una búsqueda regex, lo que permite a atacantes remotos causar una denegación de servicio (consumo de C... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 6.2EPSS: 1%CPEs: 6EXPL: 2CVE-2013-7345 – file: extensive backtracking in awk rule regular expression
https://notcve.org/view.php?id=CVE-2013-7345
23 Mar 2014 — The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. La expresión regular BEGIN en el detector de script de awk en el archivo magic/Magdir/commands anterior a 5.15 utiliza múltiples comodines con ... • http://bugs.gw.com/view.php?id=164 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.5EPSS: 37%CPEs: 13EXPL: 0CVE-2014-2270 – file: out-of-bounds access in search rules with offsets from input file
https://notcve.org/view.php?id=CVE-2014-2270
12 Mar 2014 — softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. softmagic.c en archivo anterior a 5.17 y libmagic permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria fuera de rango y caída) a través de desplazamientos (“offsets”) manipulados en el softmagic de un ejecutable PE. A denial of service flaw was found in the way ... • http://bugs.gw.com/view.php?id=313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2012-1571 – file: out of bounds read in CDF parser
https://notcve.org/view.php?id=CVE-2012-1571
17 Jul 2012 — file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. archivo antes de v5.11 y libmagic permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo de documento elaborado compuesto (CDF) que activa (1) una lectura fuera de límites o (2) una desreferencia de puntero no válido. A denial of service flaw was found i... • http://mx.gw.com/pipermail/file/2012/000914.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 0%CPEs: 35EXPL: 0CVE-2009-3930
https://notcve.org/view.php?id=CVE-2009-3930
10 Nov 2009 — Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. Múltiples desbordamiento de búfer en Christos Zoulas file before v5.02 permite a atacantes asistidos remotamente por usuarios tienen un impacto no especificado a través de un componente de documento manipulado (como cdf) archivo que provoca un desbordamiento de búfer. • http://mx.gw.com/pipermail/file/2009/000382.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2007-2026 – Gentoo Linux Security Advisory 201412-11
https://notcve.org/view.php?id=CVE-2007-2026
13 Apr 2007 — The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. El código regular de la expresión de gnu en el archivo 4.20 permite a atacantes dependientes del contexto provocar denegación de servicio (consumo de CPU) a través de documentos manipulados con un gran n... • http://secunia.com/advisories/24918 •