Red Hat Security Advisory 2016-0760-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.
74c1ca1ed93125f94be406547b097bf1860154407ec1d26cb056d56739aed076Red Hat Security Advisory 2015-2155-07 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.
04a6ee9092dd32d61ea6bb3d141cce1697e5330904bf01426b4f34fcc545167fMandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.
c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956Ubuntu Security Notice 2494-1 - Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.
a0172d45fde45339ba18deb09206dc0648821b862540859d68b1e3108eff0aaeMandriva Linux Security Advisory 2015-010 - Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption. Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled recursion. The updated file packages has been upgraded to the latest 5.22 version which is not vulnerable to these issues.
c6d3fb8e2291256c2ffa7ebc18c2e2af6b1ff1fb6c29df7b6b03169b2851ffd3Debian Linux Security Advisory 3121-1 - Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.
e084d5bbc81a1211023a31b18f84e2054ac2d83d2a0737a8ebee603cde4bfb21FreeBSD Security Advisory - There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.
b3c86563443440c0a63c72d371e0e3740488a52fe75cb515eb7c477b4f129c5f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed