mailing list archives
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables
From: "mancha" <mancha1 () hush com>
Date: Wed, 05 Mar 2014 18:29:22 +0000
On Wed, 05 Mar 2014 17:08:17 +0000 cve-assign () mitre org wrote:
file can be made to crash when checking some corrupt PE
executables, and so could be used to mount a denial of service
for file, or an application using file/libmagic.
CVE Assignment Team, et al. -
The initial fix for this problem  had an off-by-one flaw
that has since been corrected .
I am unsure of the policy regarding the issuance of new CVE
identifiers associated with incomplete/flawed fixes associated
with previously allocated CVEs. But, in this particular case
file 5.17 shipped with  and not .