MGASA-2014-0307
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 05 Aug 2014, 20:08
Last modified:16 Apr 2026, 06:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Aug 2014, 20:08
Published
Vulnerability first disclosed
16 Apr 2026, 06:24
Last Modified
Vulnerability information updated
Description
Updated file packages fix security vulnerability file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The Mageia 3 update also fixes a possible crash in softmagic.c due to an improperly rediffed patch for a memory leak in a previous update (mga#13701).
Affected Systems
- mageia•file
< 5.12-8.6.mga3
- mageia•file
< 5.16-1.5.mga4