CVE-2014-8116

NONE
Published Dec 17, 201411y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 17, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-399

Affected Products 7

VendorProductVersionRange
file_projectfile5.20any
freebsdfreebsd*any
mageiamageia4.0any
canonicalubuntu_linux10.04any
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
canonicalubuntu_linux14.10any

References 14

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2015-0040.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-0760.html
  • seclists.org http://seclists.org/oss-sec/2014/q4/1056
    Mailing ListThird Party Advisory
  • secunia.com http://secunia.com/advisories/61944
  • secunia.com http://secunia.com/advisories/62081
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  • securityfocus.com http://www.securityfocus.com/bid/71700
  • securitytracker.com http://www.securitytracker.com/id/1031344
    Third Party AdvisoryVDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/USN-2494-1
    Third Party Advisory
  • github.com https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
    Issue TrackingPatch
  • github.com https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
    Issue TrackingPatch
  • github.com https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
    Issue TrackingPatch
  • freebsd.org https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
    Vendor Advisory

Remediation

  • github.com https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
    Issue TrackingPatch
  • github.com https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
    Issue TrackingPatch
  • github.com https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
    Issue TrackingPatch