MidnightBSD

Advisories for christos_zoulas

CVE-2003-1092 HIGH

Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
christos_zoulas file_1 3.28
christos_zoulas file_1 3.36
christos_zoulas file_1 3.33
christos_zoulas file_1 3.40
christos_zoulas file_1 3.32
christos_zoulas file_1 3.34
christos_zoulas file_1 3.35
christos_zoulas file_1 3.39
christos_zoulas file_1 3.37
christos_zoulas file_1 3.30
CVE-2012-1571 MEDIUM

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
tim_robbins libmagic *
christos_zoulas file *
CVE-2013-7345 MEDIUM

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
christos_zoulas file *
debian debian_linux 7.0
php php *
debian debian_linux 6.0
debian debian_linux 8.0
CVE-2014-0207 MEDIUM

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-20,

Products Affected

Vendor Product Version
christos_zoulas file *
opensuse opensuse 11.4
debian debian_linux 7.0
oracle linux 7
php php *
debian debian_linux 8.0
CVE-2014-3478 MEDIUM

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
christos_zoulas file 5.13
php php 5.5.1
php php 5.5.8
christos_zoulas file 5.07
christos_zoulas file 5.09
christos_zoulas file 5.17
php php 5.4.21
christos_zoulas file 5.10
php php 5.4.27
christos_zoulas file 5.08
php php 5.4.5
php php 5.5.2
php php 5.5.13
christos_zoulas file 5.00
php php 5.4.19
christos_zoulas file 5.12
php php 5.5.5
php php 5.5.4
php php 5.4.4
php php 5.4.25
php php 5.5.10
php php *
php php 5.4.24
php php 5.4.2
php php 5.4.18
php php 5.4.3
christos_zoulas file 5.02
christos_zoulas file 5.14
php php 5.4.16
php php 5.5.9
php php 5.4.22
php php 5.4.15
php php 5.4.10
php php 5.4.12
christos_zoulas file 5.03
christos_zoulas file 5.01
christos_zoulas file 5.04
php php 5.4.14
php php 5.4.23
php php 5.5.0
christos_zoulas file 5.11
php php 5.5.3
christos_zoulas file 5.15
christos_zoulas file *
php php 5.5.6
php php 5.4.9
php php 5.4.13
php php 5.4.26
christos_zoulas file 5.05
php php 5.5.11
php php 5.5.12
christos_zoulas file 5.16
php php 5.4.7
php php 5.4.11
php php 5.4.20
php php 5.4.0
php php 5.5.7
php php 5.4.17
php php 5.4.1
php php 5.4.28
php php 5.4.8
christos_zoulas file 5.06
php php 5.4.6
CVE-2014-3538 MEDIUM

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
christos_zoulas file 5.11
christos_zoulas file 5.13
christos_zoulas file 5.15
christos_zoulas file *
christos_zoulas file 5.02
christos_zoulas file 5.14
christos_zoulas file 5.05
christos_zoulas file 5.07
christos_zoulas file 5.09
christos_zoulas file 5.17
debian debian_linux 8.0
christos_zoulas file 5.10
christos_zoulas file 5.16
christos_zoulas file 5.08
christos_zoulas file 5.00
debian debian_linux 7.0
christos_zoulas file 5.03
christos_zoulas file 5.12
christos_zoulas file 5.01
christos_zoulas file 5.04
php php *
christos_zoulas file 5.06
CVE-2014-3587 MEDIUM

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
christos_zoulas file 5.13
php php 5.5.1
php php 5.5.8
christos_zoulas file 5.07
christos_zoulas file 5.09
christos_zoulas file 5.17
php php 5.4.21
php php 5.4.30
christos_zoulas file 5.10
php php 5.4.27
christos_zoulas file 5.08
php php 5.4.5
php php 5.5.2
php php 5.5.13
christos_zoulas file 5.00
php php 5.4.19
christos_zoulas file 5.12
php php 5.5.5
php php 5.5.4
php php 5.4.4
php php 5.4.25
php php 5.5.10
php php *
php php 5.4.24
php php 5.4.2
php php 5.4.18
php php 5.4.3
christos_zoulas file 5.18
christos_zoulas file 5.02
christos_zoulas file 5.14
php php 5.4.16
php php 5.5.9
php php 5.4.22
php php 5.4.15
php php 5.4.10
php php 5.4.12
christos_zoulas file 5.03
christos_zoulas file 5.01
christos_zoulas file 5.04
php php 5.4.14
php php 5.4.23
php php 5.5.0
christos_zoulas file 5.11
php php 5.5.15
php php 5.5.3
christos_zoulas file 5.15
christos_zoulas file *
php php 5.5.6
php php 5.4.9
php php 5.4.13
php php 5.4.26
christos_zoulas file 5.05
php php 5.5.11
php php 5.5.12
christos_zoulas file 5.16
php php 5.5.14
php php 5.4.7
php php 5.4.11
php php 5.4.20
php php 5.4.0
php php 5.5.7
php php 5.4.17
php php 5.4.1
php php 5.4.28
php php 5.4.8
christos_zoulas file 5.06
php php 5.4.29
php php 5.4.6