PT-2014-1423 · File+6
Francisco Alonso +1 · Published 2014-06-01 · Updated 2025-12-04 · CVE-2014-3480
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
file versions prior to 5.19
Red Hat Enterprise Linux file-static-5.04
Red Hat Enterprise Linux file-5.04
Red Hat Enterprise Linux file-debuginfo-5.04
Red Hat Enterprise Linux file-libs-5.04
Red Hat Enterprise Linux file-devel-5.04
Debian GNU/Linux file
Description
The issue covers multiple vulnerabilities in the file package that can disrupt the availability of protected information and can be exploited remotely. The cdf_count_chain function in cdf.c does not properly validate sector-count data, allowing remote attackers to cause a denial of service via a crafted CDF file.
Recommendations
For file versions prior to 5.19, update to version 5.19 or later.
For Red Hat Enterprise Linux file-static-5.04, file-5.04, file-debuginfo-5.04, file-libs-5.04, and file-devel-5.04, update to a version that is not affected by these vulnerabilities.
For Debian GNU/Linux file, update to a version that is not affected by these vulnerabilities.
As a temporary workaround, consider restricting access to the cdf_count_chain function in cdf.c until a patch is available.
Exploit
Fix
DoS
RCE
Related Identifiers
Affected Products
ALT Linux
CentOS
HP-UX
Red Hat
SUSE
Ubuntu
File