CVE-2014-2270

Publication date 14 March 2014

Last updated 24 July 2024

Ubuntu priority

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
file	13.10 saucy	Fixed 5.11-2ubuntu4.2
	12.10 quantal	Fixed 5.11-2ubuntu0.2
	12.04 LTS precise	Fixed 5.09-2ubuntu0.3
	10.04 LTS lucid	Fixed 5.03-5ubuntu1.2
php5	13.10 saucy	Fixed 5.5.3+dfsg-1ubuntu2.3
	12.10 quantal	Fixed 5.4.6-1ubuntu1.8
	12.04 LTS precise	Fixed 5.3.10-1ubuntu3.11
	10.04 LTS lucid	Fixed 5.3.2-1ubuntu4.24

Notes

mdeslaur

see regression fix in DSA-2873-2 The regression in the debian package is caused by a fix for a different issue which does not seem to have a CVE number: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742262 (file regression 1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742265 (file regression 2)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
file	Upstream: 4475585 Upstream: 70c65d2
php5	Upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f

CVE-2014-2270

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references