FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)

Affected packages
10.0 <= FreeBSD < 10.0_6
9.2 <= FreeBSD < 9.2_9
9.1 <= FreeBSD < 9.1_16
8.4 <= FreeBSD < 8.4_13
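
The ranges above can be checked mechanically against a host's release string. The following is an added example, not part of the original entry or FreeBSD project code. It assumes the caller supplies a string of the form "10.0-RELEASE-p5"; the function and variable names are illustrative, and each version component is assumed to be below 1000.

```sh
#!/bin/sh
# Added example, not FreeBSD project code.
# Ranges copied from "Affected packages"; N_P is read as release N, patch level P.
RANGES='10.0 <= FreeBSD < 10.0_6
9.2 <= FreeBSD < 9.2_9
9.1 <= FreeBSD < 9.1_16
8.4 <= FreeBSD < 8.4_13'

# is_uint STR: true for decimal digits only, without a leading zero.
is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# to_key MAJOR.MINOR[_PATCH]: print a sortable integer (components assumed < 1000).
to_key() {
    k_rel=${1%%_*}; k_patch=0
    case "$1" in *_*) k_patch=${1#*_} ;; esac
    case "$k_rel" in *.*) ;; *) return 1 ;; esac
    k_major=${k_rel%%.*}; k_minor=${k_rel#*.}
    is_uint "$k_major" && is_uint "$k_minor" && is_uint "$k_patch" || return 1
    echo $(( k_major * 1000000 + k_minor * 1000 + k_patch ))
}

# normalize RELEASE: "10.0-RELEASE-p5" -> "10.0_5", "10.0-RELEASE" -> "10.0".
normalize() {
    case "$1" in
        *-RELEASE-p*) echo "${1%%-*}_${1##*-p}" ;;
        *-RELEASE)    echo "${1%%-*}" ;;
        *)            return 1 ;;  # STABLE, CURRENT, BETA: the ranges do not cover these
    esac
}

# is_affected RELEASE: 0 = inside a listed range, 1 = outside, 2 = cannot decide.
is_affected() {
    a_ver=$(normalize "$1") || return 2
    a_key=$(to_key "$a_ver") || return 2
    while read -r lo op1 name op2 hi; do
        [ "$op1" = "<=" ] && [ "$name" = "FreeBSD" ] && [ "$op2" = "<" ] || return 2
        lo_key=$(to_key "$lo") && hi_key=$(to_key "$hi") || return 2
        if [ "$a_key" -ge "$lo_key" ] && [ "$a_key" -lt "$hi_key" ]; then return 0; fi
    done <<EOF
$RANGES
EOF
    return 1
}
```

A return value of 1 means only that the release is outside the ranges listed in this entry; releases the entry does not mention are not evaluated.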

Details

VuXML ID 70140f20-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-06-24
Entry 2016-08-11

Problem Description:

A specially crafted Composite Document File (CDF) can trigger an out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571]

The regular expression used by the awk script detector contains multiple wildcards with unlimited repetitions. [CVE-2013-7345]

A malicious input file could trigger infinite recursion in libmagic(3). [CVE-2014-1943]

A specially crafted Portable Executable (PE) file can trigger an out-of-bounds read. [CVE-2014-2270]

Impact:

An attacker who can cause file(1), or any other application using the libmagic(3) library, to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial of service.

References

CVE Name CVE-2012-1571
CVE Name CVE-2013-7345
CVE Name CVE-2014-1943
CVE Name CVE-2014-2270
FreeBSD Advisory SA-14:16.file