CVE-2014-8116
file: multiple denial of service issues (resource consumption)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
El intérprete ELF (readelf.c) en versiones anteriores a 5.21, permite a atacantes remotos, provocar una denegaci?o de servicio (consumo de CPU o rotura) mediante un número largo de (1) programa o (2) cabeceras de sección o (3) capacidades no válidas.
Multiple flaws were found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of system resources.
Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2014-12-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-674: Uncontrolled Recursion
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2015-0040.html | Third Party Advisory | |
| http://seclists.org/oss-sec/2014/q4/1056 | Mailing List |
|
| http://secunia.com/advisories/61944 | Third Party Advisory | |
| http://secunia.com/advisories/62081 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/71700 | Vdb Entry | |
| http://www.securitytracker.com/id/1031344 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-0760.html | 2018-01-05 | |
| http://www.ubuntu.com/usn/USN-2494-1 | 2018-01-05 | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2014-8116 | 2016-05-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1171580 | 2016-05-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| File Project Search vendor "File Project" | File Search vendor "File Project" for product "File" | 5.20 Search vendor "File Project" for product "File" and version "5.20" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | * | - |
Affected
| ||||||
| Mageia Search vendor "Mageia" | Mageia Search vendor "Mageia" for product "Mageia" | 4.0 Search vendor "Mageia" for product "Mageia" and version "4.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||