Errata ID | 366 |
---|---|
Date | 2015-09-09 |
Source package | file |
Fixed in version | 5.04-5.37.201508292015 |
Description | These vulnerabilities have been fixed in file:<br>* Incorrect handling of indirect rules in libmagic may lead to an infinite loop, resulting in denial of service (CVE-2014-1943)<br>* Denial of service in libmagic (CVE-2014-2270)<br>* Denial of service in magic for awk scripts (CVE-2013-7345)<br>* Buffer overflow in CDF module (CVE-2014-3487, CVE-2014-3479, CVE-2014-3480, CVE-2014-0207)<br>* Incorrect string size calculation in the softmagic module (CVE-2014-3478)<br>* Buffer overflow in CDF parsing (CVE-2014-3587)<br>* Out of bounds reads when parsing ELF section headers (CVE-2014-3710)<br>* Denial of service issues in the ELF parser (CVE-2014-8116, CVE-2014-8117)<br>* Denial of service when processing malformed ELF files (CVE-2014-9653)<br>* Performance degradation (CVE-2014-0237)<br>* Infinite loop or out-of-bounds memory access (CVE-2014-0238)<br>* CPU consumption (CVE-2014-3538) |
Additional notes | |
CVE ID | CVE-2014-1943 CVE-2014-2270 CVE-2013-7345 CVE-2014-3487 CVE-2014-3479 CVE-2014-3480 CVE-2014-0207 CVE-2014-3478 CVE-2014-3587 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9653 CVE-2014-0237 CVE-2014-0238 CVE-2014-3538 |
UCS Bug number | #34135 |