CVSS: 4.3EPSS: 95%CPEs: 13EXPL: 0CVE-2014-2270 – file: out-of-bounds access in search rules with offsets from input file
https://notcve.org/view.php?id=CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. softmagic.c en archivo anterior a 5.17 y libmagic permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria fuera de rango y caída) a través de desplazamientos (“offsets”) manipulados en el softmagic de un ejecutable PE. A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. • http://bugs.gw.com/view.php?id=313 http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://seclists.org/oss-sec/2014/q1/473 http://seclists.org/oss-sec/2014/q1/504 http://seclists.org/oss-sec/2014/q1/505 http://support.apple.com/kb/HT6443 http://www.debian.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 0CVE-2014-1943 – file: unrestricted recursion in handling of indirect type rules
https://notcve.org/view.php?id=CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. Fine Free File anterior a 5.17 permite a atacantes dependientes de contexto causar una denegación de servicio (recursión infinita, consumo de CPU y caída) a través de un valor manipulado de desplazamiento indirecto en el "magic" de un archivo. A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. • http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html http://mx.gw.com/pipermail/file/2014/001327.html http://mx.gw.com/pipermail/file/2014/001330.html http://mx.gw.com/pipermail/file/2014/001334.html http://mx.gw.com/pipermail/file/2014/001337.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://support.apple.com/kb/HT6443 http://www.debian.org/security/2014/dsa-2861 http:& • CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4139
https://notcve.org/view.php?id=CVE-2013-4139
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. El módulo Stage File Proxy v7.x-1.x anterior a v7.x-1.4 para Drupal, lo que permite a atacantes remotos provocar una denegación de servicio (degradación del rendimiento de las operaciones de ficheros y fallos) a través de un gran número de solicitudes. • http://www.openwall.com/lists/oss-security/2013/07/17/1 https://drupal.org/node/2038799 https://drupal.org/node/2038801 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4668
https://notcve.org/view.php?id=CVE-2013-4668
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. Vulnerabilidad de salto de directorio en File Roller v3.6.x anterior a v3.6.4, v3.8.x anterior a v3.8.3, y v3.9.x anterior a v3.9.3, cuando libarchive es utilizado, permite a atacantes remotos crear archivos arbitrarios a través de un archivo especialmente diseñado que que no es se maneja adecuadamente en una acción "Keep directory structure", en relación a fr-archive-libarchive.c y fr-window.c. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html http://secunia.com/advisories/54351 http://www.ocert.org/advisories/ocert-2013-001.html http://www.securityfocus.com/bid/61008 http://www.ubuntu.com/usn/USN-1906-1 https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •