{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2014:0367", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mx.gw.com/pipermail/file/2014/001330.html"}, {"name": "[file] 20142010 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mx.gw.com/pipermail/file/2014/001327.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "[file] 20140213 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mx.gw.com/pipermail/file/2014/001337.html"}, {"name": "openSUSE-SU-2014:0364", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT6443"}, {"name": "RHSA-2014:1765", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mx.gw.com/pipermail/file/2014/001334.html"}, {"name": "USN-2126-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2126-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"}, {"name": "DSA-2868", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2868"}, {"name": "USN-2123-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2123-1"}, {"name": "DSA-2861", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2861"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0367", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001330.html"}, {"name": "[file] 20142010 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001327.html"}, {"name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "[file] 20140213 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001337.html"}, {"name": "openSUSE-SU-2014:0364", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"}, {"name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443"}, {"name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001334.html"}, {"name": "USN-2126-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2126-1"}, {"name": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"}, {"name": "DSA-2868", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2868"}, {"name": "USN-2123-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2123-1"}, {"name": "DSA-2861", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2861"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.828Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:0367", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mx.gw.com/pipermail/file/2014/001330.html"}, {"name": "[file] 20142010 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mx.gw.com/pipermail/file/2014/001327.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "[file] 20140213 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mx.gw.com/pipermail/file/2014/001337.html"}, {"name": "openSUSE-SU-2014:0364", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT6443"}, {"name": "RHSA-2014:1765", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "[file] 20140211 segfault in magic_buffer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mx.gw.com/pipermail/file/2014/001334.html"}, {"name": "USN-2126-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2126-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"}, {"name": "DSA-2868", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2868"}, {"name": "USN-2123-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2123-1"}, {"name": "DSA-2861", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2861"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1943", "datePublished": "2014-02-18T19:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2024-08-06T09:58:15.828Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fine_free_file_project:fine_free_file:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E4DA46-13D2-45E6-83E2-E10C43DDCDF3", "versionEndExcluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2384D47-CED8-4884-8A17-A7FC132F696D", "versionEndExcluding": "5.4.26", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8ED3B2D-7952-49A4-A253-3B566A648E1D", "versionEndExcluding": "5.5.10", "versionStartIncluding": "5.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file."}, {"lang": "es", "value": "Fine Free File anterior a 5.17 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (recursi\u00f3n infinita, consumo de CPU y ca\u00edda) a trav\u00e9s de un valor manipulado de desplazamiento indirecto en el \"magic\" de un archivo."}], "id": "CVE-2014-1943", "lastModified": "2022-10-31T15:00:03.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-18T19:55:04.377", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Tool Signature"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Tool Signature"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://mx.gw.com/pipermail/file/2014/001327.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://mx.gw.com/pipermail/file/2014/001330.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://mx.gw.com/pipermail/file/2014/001334.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://mx.gw.com/pipermail/file/2014/001337.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT6443"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2861"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2868"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.php.net/ChangeLog-5.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2123-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2126-1"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1012", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "php53-0:5.3.3-23.el5_10", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-08-06T00:00:00Z"}, {"advisory": "RHSA-2014:1012", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "php-0:5.3.3-27.el6_5.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-08-06T00:00:00Z"}, {"advisory": "RHSA-2014:1606", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "file-0:5.04-21.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "php54-php-0:5.4.16-22.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2014-10-30T00:00:00Z"}], "bugzilla": {"description": "file: unrestricted recursion in handling of indirect type rules", "id": "1065836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065836"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-835", "details": ["Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.", "A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU."], "name": "CVE-2014-1943", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "cdrtools", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "file", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "rpm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "file", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}], "public_date": "2014-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1943\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1943"], "statement": "This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.", "threat_severity": "Moderate", "upstream_fix": "php 5.5.10, file 5.17"}