Red Hat Bugzilla – Bug 1091842
CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
Last modified: 2018-01-29 20:02:54 EST
Invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format (CDF) files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash.
This CVE was assigned to an incorrect boundary check in the cdf_read_short_sector() function. The issue was corrected as part of this upstream commit: https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0 The boundary check was added as part of the CVE-2012-1571 fix (see bug 805197). The CVE-2014-0207 is really an incomplete / insufficient CVE-2012-1571 fix CVE and hence does not affected file packages in Red Hat Enterprise Linux 6, and php53 packages in Red Hat Enterprise Linux 5 and php packages in Red Hat Enterprise Linux 6, which did not get the incomplete fix applied. Future updates addressing CVE-2012-1571 will use complete fix.
Acknowledgments: This issue was discovered by Francisco Alonso of Red Hat Product Security.
PHP upstream bug https://bugs.php.net/67326
Created php tracking bugs for this issue: Affects: fedora-all [bug 1114441]
Created file tracking bugs for this issue: Affects: fedora-all [bug 1114440]
file-5.19-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue does not affect the file, php, or php53 packages in Red Hat Enterprise Linux 5 and 6. This issue affects the file package in Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update my address this flaw.
IssueDescription: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1013 https://rhn.redhat.com/errata/RHSA-2014-1013.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html