Debian Security Advisory
DLA-27-1 file -- LTS security update
- Date Reported:
- 31 Jul 2014
- Affected Packages:
- file
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487.
- More information:
-
Fix various denial of service attacks:
- CVE-2014-3487
The cdf_read_property_info function does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
- CVE-2014-3480
The cdf_count_chain function in cdf.c in does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
- CVE-2014-3479
The cdf_check_stream_offset function in cdf.c relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
- CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
- CVE-2014-0238
The cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
- CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
- CVE-2014-0207
The cdf_read_short_sector function in cdf.c allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
For Debian 6
Squeeze
, these issues have been fixed in file version 5.04-5+squeeze6 - CVE-2014-3487