MGASA-2014-0252

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0252.html

Import Source

https://advisories.mageia.org/MGASA-2014-0252.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0252

Related

Published

2014-06-06T05:52:39Z

Modified

2014-06-06T05:52:27Z

Summary

Updated file packages fix CVE-2014-0237-8

Details

Updated file packages fix security vulnerabilities:

A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo() function unnecessarily repeatedly read the info from the same offset. This led to many fileprintf() calls in cdffileproperty_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / file

Package

Name: file
Purl: pkg:rpm/mageia/file?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.16-1.3.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / file

Package

Name: file
Purl: pkg:rpm/mageia/file?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12-8.4.mga3

Ecosystem specific

{
    "section": "core"
}