5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.7 High
AI Score
Confidence
High
0.08 Low
EPSS
Percentile
94.3%
Package : file
Version : 5.04-5+squeeze7
CVE ID : CVE-2014-3538 CVE-2014-3587
Debian Bug : -
CVE-2014-3538
file does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a
denial of service (CPU consumption).
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in
cdf.c allows remote attackers to cause a denial of service
(application crash).
Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4
(DSA-3021-1), were already handled in 5.04-5+squeeze6 (DLA 27-1) in
July 2014. Also, as an amendment, as a side effect of the changes
done back then then, the MIME type detection of some files had
improved from "application/octet-stream" to something more specific
like "application/x-dosexec" or "application/x-iso9660-image".
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | mipsel | php5-common | < 5.4.4-14+deb7u13 | php5-common_5.4.4-14+deb7u13_mipsel.deb |
Debian | 7 | armel | php5-fpm | < 5.4.4-14+deb7u13 | php5-fpm_5.4.4-14+deb7u13_armel.deb |
Debian | 7 | ia64 | php5-cgi | < 5.4.4-14+deb7u13 | php5-cgi_5.4.4-14+deb7u13_ia64.deb |
Debian | 7 | powerpc | php5-curl | < 5.4.4-14+deb7u13 | php5-curl_5.4.4-14+deb7u13_powerpc.deb |
Debian | 7 | mips | php5-sybase | < 5.4.4-14+deb7u13 | php5-sybase_5.4.4-14+deb7u13_mips.deb |
Debian | 7 | s390x | libphp5-embed | < 5.4.4-14+deb7u13 | libphp5-embed_5.4.4-14+deb7u13_s390x.deb |
Debian | 7 | s390 | php5-gmp | < 5.4.4-14+deb7u13 | php5-gmp_5.4.4-14+deb7u13_s390.deb |
Debian | 7 | sparc | file | < 5.11-2+deb7u4 | file_5.11-2+deb7u4_sparc.deb |
Debian | 7 | armel | php5-enchant | < 5.4.4-14+deb7u13 | php5-enchant_5.4.4-14+deb7u13_armel.deb |
Debian | 7 | s390 | php5-mysql | < 5.4.4-14+deb7u13 | php5-mysql_5.4.4-14+deb7u13_s390.deb |