MGASA-2015-0030

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-9620 CVE-2014-9621

Published: 19 Jan 2015, 16:47

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jan 2015, 16:47

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated file packages fix security vulnerabilities Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers (CVE-2014-9620, CVE-2014-9621). As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like "recursion limit exceeded" or "too many program header sections". To mitigate such shortcomings, these limits are controllable by a new -P, --parameter option in the file program.

Affected Systems

mageia•file
< 5.16-1.10.mga4

MGASA-2015-0030

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)