PT-2014-1814 · File+2
Bernd Melchers · Published 2014-02-18 · Updated 2024-06-15 · CVE-2014-1943
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
file versions prior to 5.17
file-static-5.04
file-5.04
file-debuginfo-5.04
file-libs-5.04
file-devel-5.04
Description
The issue allows context-dependent attackers to cause a denial of service, potentially leading to disruption of protected information availability. This can be achieved through a crafted indirect offset value in the magic of a file, resulting in infinite recursion, CPU consumption, and crash. The exploitation can be carried out remotely.
Recommendations
For file versions prior to 5.17, update to version 5.17 or later to resolve the issue.
For file-static-5.04, file-5.04, file-debuginfo-5.04, file-libs-5.04, and file-devel-5.04, update to a version that is not affected by this issue, as these specific versions are vulnerable.
As a temporary workaround, consider restricting access to the magic of files to minimize the risk of exploitation.
Fix
DoS
Improper Handling of Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
Red Hat
File