Search for vulnerabilities
Vulnerability details: VCID-scjc-2pkm-aaan
Vulnerability ID VCID-scjc-2pkm-aaan
Aliases CVE-2014-2270
Summary softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-190 Integer Overflow or Wraparound
CWE-125 Out-of-bounds Read
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1012
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1606
rhas Important https://access.redhat.com/errata/RHSA-2014:1765
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.3696 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.37288 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.42713 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.43034 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.94887 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.94887 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.94887 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
epss 0.95863 https://api.first.org/data/v1/epss?cve=CVE-2014-2270
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1072220
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-2270
generic_textual Low http://www.debian.org/security/2014/dsa-2873
generic_textual Low http://www.php.net/ChangeLog-5.php
Reference id Reference type URL
http://bugs.gw.com/view.php?id=313
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2270.json
https://api.first.org/data/v1/epss?cve=CVE-2014-2270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://seclists.org/oss-sec/2014/q1/473
http://seclists.org/oss-sec/2014/q1/504
http://seclists.org/oss-sec/2014/q1/505
https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801
https://security.gentoo.org/glsa/201503-08
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2873
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-2162-1
http://www.ubuntu.com/usn/USN-2163-1
1072220 https://bugzilla.redhat.com/show_bug.cgi?id=1072220
740960 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740960
cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*
cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:tim_robbins:libmagic:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tim_robbins:libmagic:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVE-2014-2270 https://nvd.nist.gov/vuln/detail/CVE-2014-2270
GLSA-201408-11 https://security.gentoo.org/glsa/201408-11
RHSA-2014:1012 https://access.redhat.com/errata/RHSA-2014:1012
RHSA-2014:1606 https://access.redhat.com/errata/RHSA-2014:1606
RHSA-2014:1765 https://access.redhat.com/errata/RHSA-2014:1765
USN-2162-1 https://usn.ubuntu.com/2162-1/
USN-2163-1 https://usn.ubuntu.com/2163-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-2270
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96938
EPSS Score 0.3696
Published At June 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.