PublicDateAtUSN: 2014-03-14
Candidate: CVE-2014-2270
PublicDate: 2014-03-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://seclists.org/oss-sec/2014/q1/473
 https://ubuntu.com/security/notices/USN-2162-1
 https://ubuntu.com/security/notices/USN-2163-1
Description:
 softmagic.c in file before 5.17 and libmagic allows context-dependent
 attackers to cause a denial of service (out-of-bounds memory access and
 crash) via crafted offsets in the softmagic of a PE executable.
Ubuntu-Description:
Notes:
 mdeslaur> see regression fix in DSA-2873-2
 mdeslaur> The regression in the debian package is caused by a fix for
 mdeslaur> a different issue which does not seem to have a CVE number:
 mdeslaur> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993
 mdeslaur> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742262 (file regression 1)
 mdeslaur> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742265 (file regression 2)
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740960 (php)
 https://bugs.php.net/bug.php?id=66820
 http://bugs.gw.com/view.php?id=313
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
upstream_php5: released (5.5.10)
lucid_php5: released (5.3.2-1ubuntu4.24)
precise_php5: released (5.3.10-1ubuntu3.11)
quantal_php5: released (5.4.6-1ubuntu1.8)
saucy_php5: released (5.5.3+dfsg-1ubuntu2.3)
devel_php5: released (5.5.9+dfsg-1ubuntu3)

Patches_file:
 upstream: https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
 upstream: https://github.com/file/file/commit/70c65d2e1841491f59168db1f905e8b14083fb1c
upstream_file: needs-triage
lucid_file: released (5.03-5ubuntu1.2)
precise_file: released (5.09-2ubuntu0.3)
quantal_file: released (5.11-2ubuntu0.2)
saucy_file: released (5.11-2ubuntu4.2)
devel_file: released (1:5.14-2ubuntu3)