MGASA-2014-0252

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-0237 CVE-2014-0238

Published: 06 Jun 2014, 05:52

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Jun 2014, 05:52

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated file packages fix CVE-2014-0237-8 Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).

Affected Systems

mageia•file
< 5.12-8.4.mga3
mageia•file
< 5.16-1.3.mga4

MGASA-2014-0252

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)