[arch-security] [Arch Linux Security Advisory ASA-201411-9] file: denial of service through out-of-bounds read
anthraxx at archlinux.org
Wed Nov 12 21:28:59 UTC 2014
Arch Linux Security Advisory ASA-201411-9
Date : 2014-11-12
CVE-ID : CVE-2014-3710
Package : file
Type : denial of service through out-of-bounds read
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE-2014
The package file before version 5.20-2 is vulnerable to denial of
service through out-of-bounds read.
Upgrade to 5.20-2.
# pacman -Syu "file>=5.20-2"
The problems have been fixed upstream  but no release version is
An out-of-bounds read flaw was found in file's donote() function in the
way the file utility determined the note headers of an ELF file. This
could possibly lead to a crash of the file executable.
A specially crafted ELF file may lead to an out-of-bounds read while
parsing the note headers and crash the file executable. As readelf
in file is widely used, this could possibly lead to denial of service of
middleware relying on it.
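
As an added illustration (not part of the advisory and not file's own code), the following note walker checks every length field against the bytes remaining in the buffer before using it, which is the kind of check that prevents an out-of-bounds read when parsing note headers. The names note_hdr, skip_field and count_notes and the sample data are assumptions made for this example; host byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF note header: three 32-bit words, followed by the name and the
 * descriptor, each padded to a 4-byte boundary. */
typedef struct { uint32_t namesz, descsz, type; } note_hdr;

/* Advance *off past a field of sz bytes; fail if it would leave the buffer. */
static int skip_field(size_t *off, size_t len, uint32_t sz)
{
    size_t left = len - *off;               /* caller guarantees *off <= len */
    if (sz > left)
        return -1;                          /* length field lies about the data */
    size_t padded = ((size_t)sz + 3u) & ~(size_t)3u;
    *off += padded > left ? left : padded;  /* final padding may be absent */
    return 0;
}

/* Returns the number of well-formed notes in buf[0..len), or -1 on the
 * first header, name or descriptor that does not fit in the buffer. */
int count_notes(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        note_hdr h;
        if (len - off < sizeof h)
            return -1;                      /* truncated header */
        memcpy(&h, buf + off, sizeof h);    /* host byte order assumed */
        off += sizeof h;
        if (skip_field(&off, len, h.namesz) || skip_field(&off, len, h.descsz))
            return -1;
        n++;
    }
    return n;
}

/* Constructed sample data (host byte order): one valid note, and the same
 * note with descsz claiming 0x1000 bytes when only 4 follow. */
static const uint32_t good_note[] = { 4, 4, 1, 0x00554e47, 0 };
static const uint32_t bad_note[]  = { 4, 0x1000, 1, 0x00554e47, 0 };

int main(void)
{
    printf("good: %d\n", count_notes((const uint8_t *)good_note, sizeof good_note));
    printf("bad:  %d\n", count_notes((const uint8_t *)bad_note, sizeof bad_note));
    return 0;
}
```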