Search

Find a vulnerability

Search criteria

    18 vulnerabilities by christos_zoulas

    CVE-2014-3587 (GCVE-0-2014-3587)

    Vulnerability from nvd – Published: 2014-08-23 01:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/file/file/commit/0641e56be1af0… x_refsource_CONFIRM
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2369-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/60609 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2344-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-0760.html vendor-advisoryx_refsource_REDHAT
    https://security-tracker.debian.org/tracker/CVE-2… x_refsource_CONFIRM
    http://php.net/ChangeLog-5.php x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1326.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.debian.org/security/2014/dsa-3008 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/69325 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://github.com/php/php-src/commit/7ba1409a1ae… x_refsource_CONFIRM
    https://bugs.php.net/bug.php?id=67716 x_refsource_CONFIRM
    http://secunia.com/advisories/60696 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "USN-2369-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2369-1"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "60609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60609"
              },
              {
                "name": "USN-2344-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2344-1"
              },
              {
                "name": "RHSA-2016:0760",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://php.net/ChangeLog-5.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "RHSA-2014:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "name": "DSA-3008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3008"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "69325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69325"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67716"
              },
              {
                "name": "60696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60696"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "USN-2369-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2369-1"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "60609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60609"
            },
            {
              "name": "USN-2344-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2344-1"
            },
            {
              "name": "RHSA-2016:0760",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "RHSA-2014:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "DSA-3008",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3008"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "69325",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69325"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67716"
            },
            {
              "name": "60696",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60696"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
                },
                {
                  "name": "https://support.apple.com/HT204659",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT204659"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "USN-2369-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2369-1"
                },
                {
                  "name": "RHSA-2014:1766",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
                },
                {
                  "name": "DSA-3021",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3021"
                },
                {
                  "name": "60609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60609"
                },
                {
                  "name": "USN-2344-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2344-1"
                },
                {
                  "name": "RHSA-2016:0760",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2014-3587",
                  "refsource": "CONFIRM",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
                },
                {
                  "name": "http://php.net/ChangeLog-5.php",
                  "refsource": "CONFIRM",
                  "url": "http://php.net/ChangeLog-5.php"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "RHSA-2014:1326",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
                },
                {
                  "name": "APPLE-SA-2015-04-08-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
                },
                {
                  "name": "DSA-3008",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3008"
                },
                {
                  "name": "RHSA-2014:1327",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
                },
                {
                  "name": "69325",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69325"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
                },
                {
                  "name": "https://bugs.php.net/bug.php?id=67716",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.php.net/bug.php?id=67716"
                },
                {
                  "name": "60696",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60696"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3587",
        "datePublished": "2014-08-23T01:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3478 (GCVE-0-2014-3478)

    Vulnerability from nvd – Published: 2014-07-09 10:00 – Updated: 2025-12-04 20:26
    VLAI
    Summary
    Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    URL Tags
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=141017844705317&w=2 vendor-advisoryx_refsource_HP
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2974 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/59794 third-party-advisoryx_refsource_SECUNIA
    http://www.php.net/ChangeLog-5.php x_refsource_CONFIRM
    http://mx.gw.com/pipermail/file/2014/001553.html mailing-listx_refsource_MLIST
    https://github.com/file/file/commit/27a14bc7ba285… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/68239 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT6443 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://bugs.php.net/bug.php?id=67410 x_refsource_CONFIRM
    http://secunia.com/advisories/59831 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "HPSBUX03102",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "DSA-2974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2974"
              },
              {
                "name": "59794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08"
              },
              {
                "name": "68239",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68239"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67410"
              },
              {
                "name": "SSRT101681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "name": "59831",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59831"
              },
              {
                "name": "openSUSE-SU-2014:1236",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:26:48.397424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:26:53.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "HPSBUX03102",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "DSA-2974",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2974"
            },
            {
              "name": "59794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08"
            },
            {
              "name": "68239",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68239"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67410"
            },
            {
              "name": "SSRT101681",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "59831",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59831"
            },
            {
              "name": "openSUSE-SU-2014:1236",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3478",
        "datePublished": "2014-07-09T10:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:26:53.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-0207 (GCVE-0-2014-0207)

    Vulnerability from nvd – Published: 2014-07-09 10:00 – Updated: 2025-12-04 20:29
    VLAI
    Summary
    The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "name": "68243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68243"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "HPSBUX03102",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "DSA-2974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2974"
              },
              {
                "name": "59794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67326"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "name": "SSRT101681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "name": "59831",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59831"
              },
              {
                "name": "openSUSE-SU-2014:1236",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:29:01.775646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:29:06.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "68243",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68243"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "HPSBUX03102",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "DSA-2974",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2974"
            },
            {
              "name": "59794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67326"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "SSRT101681",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "59831",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59831"
            },
            {
              "name": "openSUSE-SU-2014:1236",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0207",
        "datePublished": "2014-07-09T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:29:06.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-3538 (GCVE-0-2014-3538)

    Vulnerability from nvd – Published: 2014-07-03 14:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/file/file/commit/74cafd7de9ec9… x_refsource_CONFIRM
    https://github.com/file/file/commit/71a8b6c0d758a… x_refsource_CONFIRM
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1098222 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0760.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/68348 vdb-entryx_refsource_BID
    https://github.com/file/file/commit/4a284c89d6ef1… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://openwall.com/lists/oss-security/2014/06/30/7 mailing-listx_refsource_MLIST
    http://mx.gw.com/pipermail/file/2014/001553.html mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.debian.org/security/2014/dsa-3008 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://github.com/file/file/commit/69a5a43b3b71f… x_refsource_CONFIRM
    http://secunia.com/advisories/60696 third-party-advisoryx_refsource_SECUNIA
    https://github.com/file/file/commit/758e066df72fb… x_refsource_CONFIRM
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:16.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
              },
              {
                "name": "RHSA-2016:0760",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
              },
              {
                "name": "68348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "name": "DSA-3008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3008"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
              },
              {
                "name": "60696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
            },
            {
              "name": "RHSA-2016:0760",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
            },
            {
              "name": "68348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "DSA-3008",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3008"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
            },
            {
              "name": "60696",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60696"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3538",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
                },
                {
                  "name": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
                },
                {
                  "name": "https://support.apple.com/HT204659",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT204659"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "RHSA-2014:1766",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
                },
                {
                  "name": "DSA-3021",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3021"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
                },
                {
                  "name": "RHSA-2016:0760",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
                },
                {
                  "name": "68348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68348"
                },
                {
                  "name": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
                },
                {
                  "name": "[file] 20140612 file-5.19 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
                },
                {
                  "name": "APPLE-SA-2015-04-08-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
                },
                {
                  "name": "DSA-3008",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3008"
                },
                {
                  "name": "RHSA-2014:1327",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
                },
                {
                  "name": "60696",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60696"
                },
                {
                  "name": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3538",
        "datePublished": "2014-07-03T14:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:16.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7345 (GCVE-0-2013-7345)

    Vulnerability from nvd – Published: 2014-03-23 15:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gw.com/view.php?id=164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "name": "DSA-2873",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-11-13T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gw.com/view.php?id=164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "DSA-2873",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7345",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
                },
                {
                  "name": "http://bugs.gw.com/view.php?id=164",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gw.com/view.php?id=164"
                },
                {
                  "name": "http://support.apple.com/kb/HT6443",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT6443"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "DSA-2873",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7345",
        "datePublished": "2014-03-23T15:00:00.000Z",
        "dateReserved": "2014-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1571 (GCVE-0-2012-1571)

    Vulnerability from nvd – Published: 2012-07-17 21:00 – Updated: 2025-12-04 20:31
    VLAI
    Summary
    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2012/dsa-2422 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://github.com/glensc/file/commit/1aec04dbf8a… x_refsource_CONFIRM
    http://mx.gw.com/pipermail/file/2012/000914.html mailing-listx_refsource_MLIST
    https://github.com/glensc/file/commit/1859fdb4e67… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2123-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2012-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2422",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2422"
              },
              {
                "name": "MDVSA-2012:035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
              },
              {
                "name": "[file] 20120221 file-5.11 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
              },
              {
                "name": "USN-2123-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2123-1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2012-1571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:30:57.318506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:31:00.745Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-05T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "DSA-2422",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2422"
            },
            {
              "name": "MDVSA-2012:035",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
            },
            {
              "name": "[file] 20120221 file-5.11 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
            },
            {
              "name": "USN-2123-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2123-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1571",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2422",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2422"
                },
                {
                  "name": "MDVSA-2012:035",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
                },
                {
                  "name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
                },
                {
                  "name": "[file] 20120221 file-5.11 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
                },
                {
                  "name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
                },
                {
                  "name": "USN-2123-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2123-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1571",
        "datePublished": "2012-07-17T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:31:00.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2009-3930 (GCVE-0-2009-3930)

    Vulnerability from nvd – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://mx.gw.com/pipermail/file/2009/000382.html mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/37074 vdb-entryx_refsource_BID
    Date Public
    2009-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[file] 20090504 file-5.02 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
              },
              {
                "name": "37074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-11-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[file] 20090504 file-5.02 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
            },
            {
              "name": "37074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37074"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[file] 20090504 file-5.02 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
                },
                {
                  "name": "37074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37074"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3930",
        "datePublished": "2009-11-10T19:00:00.000Z",
        "dateReserved": "2009-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1515 (GCVE-0-2009-1515)

    Vulnerability from nvd – Published: 2009-05-04 16:12 – Updated: 2024-08-07 05:13
    VLAI
    Summary
    Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:13:25.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2009:129",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
              },
              {
                "name": "34745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34745"
              },
              {
                "name": "[file] 20090501 file 5.01 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
              },
              {
                "name": "34881",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34881"
              },
              {
                "name": "54100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/54100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-06-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2009:129",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
            },
            {
              "name": "34745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34745"
            },
            {
              "name": "[file] 20090501 file 5.01 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
            },
            {
              "name": "34881",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34881"
            },
            {
              "name": "54100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/54100"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2009:129",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
                },
                {
                  "name": "34745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34745"
                },
                {
                  "name": "[file] 20090501 file 5.01 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
                },
                {
                  "name": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
                },
                {
                  "name": "34881",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34881"
                },
                {
                  "name": "54100",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/54100"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1515",
        "datePublished": "2009-05-04T16:12:00.000Z",
        "dateReserved": "2009-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:13:25.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1092 (GCVE-0-2003-1092)

    Vulnerability from nvd – Published: 2005-03-10 05:00 – Updated: 2024-08-08 02:12
    VLAI
    Summary
    Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/7009 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/100937 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/313847 vendor-advisoryx_refsource_OPENPKG
    Date Public
    2003-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:36.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "file-afctr-memory-allocation(11488)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
              },
              {
                "name": "7009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7009"
              },
              {
                "name": "VU#100937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/100937"
              },
              {
                "name": "OpenPKG-SA-2003.017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/313847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "file-afctr-memory-allocation(11488)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
            },
            {
              "name": "7009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7009"
            },
            {
              "name": "VU#100937",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/100937"
            },
            {
              "name": "OpenPKG-SA-2003.017",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.securityfocus.com/archive/1/313847"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1092",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "file-afctr-memory-allocation(11488)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
                },
                {
                  "name": "7009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7009"
                },
                {
                  "name": "VU#100937",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/100937"
                },
                {
                  "name": "OpenPKG-SA-2003.017",
                  "refsource": "OPENPKG",
                  "url": "http://www.securityfocus.com/archive/1/313847"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1092",
        "datePublished": "2005-03-10T05:00:00.000Z",
        "dateReserved": "2005-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:12:36.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3587 (GCVE-0-2014-3587)

    Vulnerability from cvelistv5 – Published: 2014-08-23 01:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/file/file/commit/0641e56be1af0… x_refsource_CONFIRM
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2369-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/60609 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2344-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-0760.html vendor-advisoryx_refsource_REDHAT
    https://security-tracker.debian.org/tracker/CVE-2… x_refsource_CONFIRM
    http://php.net/ChangeLog-5.php x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1326.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.debian.org/security/2014/dsa-3008 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/69325 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://github.com/php/php-src/commit/7ba1409a1ae… x_refsource_CONFIRM
    https://bugs.php.net/bug.php?id=67716 x_refsource_CONFIRM
    http://secunia.com/advisories/60696 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "USN-2369-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2369-1"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "60609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60609"
              },
              {
                "name": "USN-2344-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2344-1"
              },
              {
                "name": "RHSA-2016:0760",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://php.net/ChangeLog-5.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "RHSA-2014:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "name": "DSA-3008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3008"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "69325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69325"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67716"
              },
              {
                "name": "60696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60696"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "USN-2369-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2369-1"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "60609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60609"
            },
            {
              "name": "USN-2344-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2344-1"
            },
            {
              "name": "RHSA-2016:0760",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "RHSA-2014:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "DSA-3008",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3008"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "69325",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69325"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67716"
            },
            {
              "name": "60696",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60696"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233"
                },
                {
                  "name": "https://support.apple.com/HT204659",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT204659"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "USN-2369-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2369-1"
                },
                {
                  "name": "RHSA-2014:1766",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
                },
                {
                  "name": "DSA-3021",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3021"
                },
                {
                  "name": "60609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60609"
                },
                {
                  "name": "USN-2344-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2344-1"
                },
                {
                  "name": "RHSA-2016:0760",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2014-3587",
                  "refsource": "CONFIRM",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2014-3587"
                },
                {
                  "name": "http://php.net/ChangeLog-5.php",
                  "refsource": "CONFIRM",
                  "url": "http://php.net/ChangeLog-5.php"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "RHSA-2014:1326",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
                },
                {
                  "name": "APPLE-SA-2015-04-08-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
                },
                {
                  "name": "DSA-3008",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3008"
                },
                {
                  "name": "RHSA-2014:1327",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
                },
                {
                  "name": "69325",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69325"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947"
                },
                {
                  "name": "https://bugs.php.net/bug.php?id=67716",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.php.net/bug.php?id=67716"
                },
                {
                  "name": "60696",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60696"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3587",
        "datePublished": "2014-08-23T01:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3478 (GCVE-0-2014-3478)

    Vulnerability from cvelistv5 – Published: 2014-07-09 10:00 – Updated: 2025-12-04 20:26
    VLAI
    Summary
    Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    URL Tags
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=141017844705317&w=2 vendor-advisoryx_refsource_HP
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2974 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/59794 third-party-advisoryx_refsource_SECUNIA
    http://www.php.net/ChangeLog-5.php x_refsource_CONFIRM
    http://mx.gw.com/pipermail/file/2014/001553.html mailing-listx_refsource_MLIST
    https://github.com/file/file/commit/27a14bc7ba285… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/68239 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT6443 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://bugs.php.net/bug.php?id=67410 x_refsource_CONFIRM
    http://secunia.com/advisories/59831 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "HPSBUX03102",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "DSA-2974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2974"
              },
              {
                "name": "59794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08"
              },
              {
                "name": "68239",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68239"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67410"
              },
              {
                "name": "SSRT101681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "name": "59831",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59831"
              },
              {
                "name": "openSUSE-SU-2014:1236",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:26:48.397424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:26:53.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "HPSBUX03102",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "DSA-2974",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2974"
            },
            {
              "name": "59794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08"
            },
            {
              "name": "68239",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68239"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67410"
            },
            {
              "name": "SSRT101681",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "59831",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59831"
            },
            {
              "name": "openSUSE-SU-2014:1236",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3478",
        "datePublished": "2014-07-09T10:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:26:53.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-0207 (GCVE-0-2014-0207)

    Vulnerability from cvelistv5 – Published: 2014-07-09 10:00 – Updated: 2025-12-04 20:29
    VLAI
    Summary
    The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "name": "68243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68243"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "name": "HPSBUX03102",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "DSA-2974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2974"
              },
              {
                "name": "59794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=67326"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "name": "SSRT101681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
              },
              {
                "name": "59831",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59831"
              },
              {
                "name": "openSUSE-SU-2014:1236",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:29:01.775646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:29:06.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "68243",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68243"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "name": "HPSBUX03102",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "DSA-2974",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2974"
            },
            {
              "name": "59794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.php.net/bug.php?id=67326"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "SSRT101681",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "59831",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59831"
            },
            {
              "name": "openSUSE-SU-2014:1236",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0207",
        "datePublished": "2014-07-09T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:29:06.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-3538 (GCVE-0-2014-3538)

    Vulnerability from cvelistv5 – Published: 2014-07-03 14:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/file/file/commit/74cafd7de9ec9… x_refsource_CONFIRM
    https://github.com/file/file/commit/71a8b6c0d758a… x_refsource_CONFIRM
    https://support.apple.com/HT204659 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1766.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2014/dsa-3021 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1098222 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0760.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/68348 vdb-entryx_refsource_BID
    https://github.com/file/file/commit/4a284c89d6ef1… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://openwall.com/lists/oss-security/2014/06/30/7 mailing-listx_refsource_MLIST
    http://mx.gw.com/pipermail/file/2014/001553.html mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.debian.org/security/2014/dsa-3008 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2014-1327.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-1765.html vendor-advisoryx_refsource_REDHAT
    https://github.com/file/file/commit/69a5a43b3b71f… x_refsource_CONFIRM
    http://secunia.com/advisories/60696 third-party-advisoryx_refsource_SECUNIA
    https://github.com/file/file/commit/758e066df72fb… x_refsource_CONFIRM
    Date Public
    2014-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:16.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT204659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "RHSA-2014:1766",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
              },
              {
                "name": "DSA-3021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3021"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
              },
              {
                "name": "RHSA-2016:0760",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
              },
              {
                "name": "68348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
              },
              {
                "name": "[file] 20140612 file-5.19 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
              },
              {
                "name": "APPLE-SA-2015-04-08-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
              },
              {
                "name": "DSA-3008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3008"
              },
              {
                "name": "RHSA-2014:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
              },
              {
                "name": "60696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "RHSA-2014:1766",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3021",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3021"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
            },
            {
              "name": "RHSA-2016:0760",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
            },
            {
              "name": "68348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
            },
            {
              "name": "[file] 20140612 file-5.19 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "DSA-3008",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3008"
            },
            {
              "name": "RHSA-2014:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
            },
            {
              "name": "60696",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60696"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3538",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3"
                },
                {
                  "name": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668"
                },
                {
                  "name": "https://support.apple.com/HT204659",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT204659"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "RHSA-2014:1766",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
                },
                {
                  "name": "DSA-3021",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3021"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1098222"
                },
                {
                  "name": "RHSA-2016:0760",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
                },
                {
                  "name": "68348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68348"
                },
                {
                  "name": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/30/7"
                },
                {
                  "name": "[file] 20140612 file-5.19 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
                },
                {
                  "name": "APPLE-SA-2015-04-08-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
                },
                {
                  "name": "DSA-3008",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3008"
                },
                {
                  "name": "RHSA-2014:1327",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610"
                },
                {
                  "name": "60696",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60696"
                },
                {
                  "name": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3538",
        "datePublished": "2014-07-03T14:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:16.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7345 (GCVE-0-2013-7345)

    Vulnerability from cvelistv5 – Published: 2014-03-23 15:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gw.com/view.php?id=164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT6443"
              },
              {
                "name": "RHSA-2014:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
              },
              {
                "name": "DSA-2873",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-11-13T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gw.com/view.php?id=164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "RHSA-2014:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "DSA-2873",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7345",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993"
                },
                {
                  "name": "http://bugs.gw.com/view.php?id=164",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gw.com/view.php?id=164"
                },
                {
                  "name": "http://support.apple.com/kb/HT6443",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT6443"
                },
                {
                  "name": "RHSA-2014:1765",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
                },
                {
                  "name": "DSA-2873",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7345",
        "datePublished": "2014-03-23T15:00:00.000Z",
        "dateReserved": "2014-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1571 (GCVE-0-2012-1571)

    Vulnerability from cvelistv5 – Published: 2012-07-17 21:00 – Updated: 2025-12-04 20:31
    VLAI
    Summary
    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2012/dsa-2422 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://github.com/glensc/file/commit/1aec04dbf8a… x_refsource_CONFIRM
    http://mx.gw.com/pipermail/file/2012/000914.html mailing-listx_refsource_MLIST
    https://github.com/glensc/file/commit/1859fdb4e67… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2123-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2012-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2422",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2422"
              },
              {
                "name": "MDVSA-2012:035",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
              },
              {
                "name": "[file] 20120221 file-5.11 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
              },
              {
                "name": "USN-2123-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2123-1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2012-1571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T20:30:57.318506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:31:00.745Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-05T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "DSA-2422",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2422"
            },
            {
              "name": "MDVSA-2012:035",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
            },
            {
              "name": "[file] 20120221 file-5.11 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
            },
            {
              "name": "USN-2123-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2123-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1571",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2422",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2422"
                },
                {
                  "name": "MDVSA-2012:035",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
                },
                {
                  "name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
                },
                {
                  "name": "[file] 20120221 file-5.11 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2012/000914.html"
                },
                {
                  "name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
                },
                {
                  "name": "USN-2123-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2123-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1571",
        "datePublished": "2012-07-17T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2025-12-04T20:31:00.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2009-3930 (GCVE-0-2009-3930)

    Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://mx.gw.com/pipermail/file/2009/000382.html mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/37074 vdb-entryx_refsource_BID
    Date Public
    2009-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[file] 20090504 file-5.02 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
              },
              {
                "name": "37074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-11-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[file] 20090504 file-5.02 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
            },
            {
              "name": "37074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37074"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[file] 20090504 file-5.02 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2009/000382.html"
                },
                {
                  "name": "37074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37074"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3930",
        "datePublished": "2009-11-10T19:00:00.000Z",
        "dateReserved": "2009-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1515 (GCVE-0-2009-1515)

    Vulnerability from cvelistv5 – Published: 2009-05-04 16:12 – Updated: 2024-08-07 05:13
    VLAI
    Summary
    Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:13:25.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2009:129",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
              },
              {
                "name": "34745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34745"
              },
              {
                "name": "[file] 20090501 file 5.01 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
              },
              {
                "name": "34881",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34881"
              },
              {
                "name": "54100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/54100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-06-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDVSA-2009:129",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
            },
            {
              "name": "34745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34745"
            },
            {
              "name": "[file] 20090501 file 5.01 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
            },
            {
              "name": "34881",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34881"
            },
            {
              "name": "54100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/54100"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2009:129",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
                },
                {
                  "name": "34745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34745"
                },
                {
                  "name": "[file] 20090501 file 5.01 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
                },
                {
                  "name": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
                },
                {
                  "name": "34881",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34881"
                },
                {
                  "name": "54100",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/54100"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1515",
        "datePublished": "2009-05-04T16:12:00.000Z",
        "dateReserved": "2009-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:13:25.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1092 (GCVE-0-2003-1092)

    Vulnerability from cvelistv5 – Published: 2005-03-10 05:00 – Updated: 2024-08-08 02:12
    VLAI
    Summary
    Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/7009 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/100937 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/313847 vendor-advisoryx_refsource_OPENPKG
    Date Public
    2003-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:36.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "file-afctr-memory-allocation(11488)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
              },
              {
                "name": "7009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7009"
              },
              {
                "name": "VU#100937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/100937"
              },
              {
                "name": "OpenPKG-SA-2003.017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/313847"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "file-afctr-memory-allocation(11488)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
            },
            {
              "name": "7009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7009"
            },
            {
              "name": "VU#100937",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/100937"
            },
            {
              "name": "OpenPKG-SA-2003.017",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENPKG"
              ],
              "url": "http://www.securityfocus.com/archive/1/313847"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1092",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "file-afctr-memory-allocation(11488)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488"
                },
                {
                  "name": "7009",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7009"
                },
                {
                  "name": "VU#100937",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/100937"
                },
                {
                  "name": "OpenPKG-SA-2003.017",
                  "refsource": "OPENPKG",
                  "url": "http://www.securityfocus.com/archive/1/313847"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1092",
        "datePublished": "2005-03-10T05:00:00.000Z",
        "dateReserved": "2005-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:12:36.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }