Vigil@nce - Fine Free file: two vulnerabilities of ELF
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of ELF of Fine Free
file.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 16/12/2014
DESCRIPTION OF THE VULNERABILITY
The Fine Free file (libmagic) program analyzes files, in order to
automatically recognize their type. Several vulnerabilities were
announced in Fine Free file.
An attacker can generate numerous errors, in order to trigger a
denial of service. [severity:1/4; CVE-2014-8116]
An attacker can generate an infinite recursion, in order to
trigger a denial of service. [severity:1/4; CVE-2014-8117]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Fine-Free-file-two-vulnerabilities-of-ELF-15813