Debian Security Advisory

DLA-27-1 file -- LTS security update

Date Reported: 31 Jul 2014
Affected Packages: file
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487.
More information:

Fix various denial of service attacks:

  • CVE-2014-3487

    The cdf_read_property_info function does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

  • CVE-2014-3480

    The cdf_count_chain function in cdf.c does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

  • CVE-2014-3479

    The cdf_check_stream_offset function in cdf.c relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

  • CVE-2014-3478

    Buffer overflow in the mconvert function in softmagic.c allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

  • CVE-2014-0238

    The cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

  • CVE-2014-0237

    The cdf_unpack_summary_info function in cdf.c allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

  • CVE-2014-0207

    The cdf_read_short_sector function in cdf.c allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

For Debian 6 Squeeze, these issues have been fixed in file version 5.04-5+squeeze6.
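
Several of the CDF issues above (CVE-2014-3487, CVE-2014-3479, CVE-2014-0238) come down to using an offset or element count read from the file without validating it first. The C example below is added here as an illustration of that validation and is not code from file's cdf.c or from the fix; the function names, the vector layout, the MAX_VECTOR_ELEMS cap and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_VECTOR_ELEMS 1024u /* assumed cap, not a value from cdf.c */

/* 1 if [off, off+len) is inside the stream; off + len is never computed. */
static int range_ok(size_t stream_len, size_t off, size_t len)
{
    return off <= stream_len && len <= stream_len - off;
}

/* Bounds-checked little-endian 32-bit read. */
static int read_u32(const uint8_t *s, size_t slen, size_t off, uint32_t *out)
{
    if (!range_ok(slen, off, 4))
        return -1;
    *out = (uint32_t)s[off] | (uint32_t)s[off + 1] << 8 |
           (uint32_t)s[off + 2] << 16 | (uint32_t)s[off + 3] << 24;
    return 0;
}

/* Hypothetical layout: u32 count, then count u32 elements.
 * Returns the element count, or -1 for malformed input. */
static int read_vector(const uint8_t *s, size_t slen, size_t off,
                       uint32_t *dst, size_t dst_cap)
{
    uint32_t n;
    if (read_u32(s, slen, off, &n) != 0)
        return -1;                     /* offset outside the stream */
    if (n == 0 || n > MAX_VECTOR_ELEMS || n > dst_cap)
        return -1;                     /* zero-length or over-long vector */
    if (!range_ok(slen, off + 4, (size_t)n * 4))
        return -1;                     /* elements run past end of stream */
    for (uint32_t i = 0; i < n; i++)
        (void)read_u32(s, slen, off + 4 + (size_t)i * 4, &dst[i]);
    return (int)n;
}

/* Constructed sample: 2-element vector at 0, count 0xFFFFFFFF at 12, 0 at 16. */
static const uint8_t sample[] = { 2, 0, 0, 0, 0x11, 0, 0, 0, 0x22, 0, 0, 0,
                                  0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0 };

int main(void)
{
    uint32_t v[8];
    printf("%d %d\n", read_vector(sample, sizeof sample, 0, v, 8),
           read_vector(sample, sizeof sample, 12, v, 8));
    return 0;
}
```

Writing the check as `len <= stream_len - off` rather than `off + len <= stream_len` is what keeps an offset near `SIZE_MAX` from wrapping and being accepted.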