Headline
CVE-2014-2270: crashes when checking softmagic for some corrupt PE executables
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
oss-sec mailing list archives
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables
From: “mancha” <mancha1 () hush com>
Date: Wed, 05 Mar 2014 18:29:22 +0000
On Wed, 05 Mar 2014 17:08:17 +0000 cve-assign () mitre org wrote:
file can be made to crash when checking some corrupt PE executables, and so could be used to mount a denial of service for file, or an application using file/libmagic.
http://bugs.gw.com/view.php?id=313
https://github.com/glensc/file/commit/447558595a3650db2886cd
Use CVE-2014-2270.
CVE Assignment Team, et al. -
The initial fix for this problem [1] had an off-by-one flaw that has since been corrected [2].
I am unsure of the policy regarding the issuance of new CVE identifiers associated with incomplete/flawed fixes associated with previously allocated CVEs. But, in this particular case file 5.17 shipped with [1] and not [2].
–mancha
[1] https://github.com/file/file/commit/447558595a36
[2] https://github.com/file/file/commit/70c65d2e1841
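The following C sketch is an added example, not code from file/libmagic or from the thread. It shows the kind of bounds check a magic-style parser needs before following an offset read from a PE file, next to an off-by-one variant of the same check. All function names and the 68-byte sample buffer are constructed for illustration; the only format fact assumed is that the DOS header stores the PE header offset (e_lfanew) as a 32-bit little-endian value at 0x3c.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; all names are hypothetical, not file/libmagic code. */

/* Off-by-one style check: accepts offset == nbytes and ignores read width. */
int in_bounds_flawed(size_t nbytes, size_t offset, size_t width)
{
    (void)width;
    return offset <= nbytes;
}

/* Correct check: [offset, offset + width) must lie inside the buffer.
 * Subtraction form, so a huge offset cannot wrap offset + width. */
int in_bounds(size_t nbytes, size_t offset, size_t width)
{
    return offset <= nbytes && width <= nbytes - offset;
}

/* Follow the DOS header's e_lfanew field (32-bit LE at 0x3c) to the PE
 * signature. Returns 1 if "PE\0\0" is there, 0 if not, -1 if the file
 * is corrupt (a read would fall outside buf). */
int pe_signature_check(const uint8_t *buf, size_t nbytes)
{
    uint32_t off;
    if (!in_bounds(nbytes, 0, 2) || memcmp(buf, "MZ", 2) != 0)
        return 0;
    if (!in_bounds(nbytes, 0x3c, 4))
        return -1;
    off = (uint32_t)buf[0x3c] | (uint32_t)buf[0x3d] << 8 |
          (uint32_t)buf[0x3e] << 16 | (uint32_t)buf[0x3f] << 24;
    if (!in_bounds(nbytes, off, 4))   /* offset comes from the file */
        return -1;
    return memcmp(buf + off, "PE\0\0", 4) == 0;
}

/* Constructed 68-byte sample: DOS header stub plus PE signature at 0x40,
 * with e_lfanew overwritten by the caller to simulate corruption. */
int demo_case(uint32_t e_lfanew)
{
    uint8_t buf[68] = { 'M', 'Z' };
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x3c] = (uint8_t)e_lfanew;
    buf[0x3d] = (uint8_t)(e_lfanew >> 8);
    buf[0x3e] = (uint8_t)(e_lfanew >> 16);
    buf[0x3f] = (uint8_t)(e_lfanew >> 24);
    return pe_signature_check(buf, sizeof buf);
}
```

With the flawed check, an e_lfanew of 65 or 68 in the sample would pass validation and the 4-byte comparison would read past the end of the 68-byte buffer; the corrected check reports both as corrupt.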
Related news
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.