CVE-2014-1943

Name: CVE-2014-1943
Creator: NVD / NIST
Published: 2014-02-18T19:55:04.377+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.93%

Last modified Jun 17, 2026

CVE-2014-1943 is a vulnerability of currently unknown severity. Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.. EPSS estimates a 4.93% chance of exploitation in the next 30 days.

Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Metrics

EPSS Probability

4.93%

91.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-755

Affected Software

Vendor	Product	Versions
Fine Free File Project	Fine Free File	< 5.17
Php	Php	>= 5.4.0, < 5.4.26
Php	Php	>= 5.5.0, < 5.5.10
Canonical	Ubuntu Linux	10.04
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	12.10
Canonical	Ubuntu Linux	13.10
Debian	Debian Linux	6.0
Debian	Debian Linux	7.0

References

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.htmlMailing List, Tool Signature
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.htmlMailing List, Tool Signature
http://mx.gw.com/pipermail/file/2014/001327.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001330.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001334.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001337.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://support.apple.com/kb/HT6443Third Party Advisory
http://www.debian.org/security/2014/dsa-2861Third Party Advisory
http://www.debian.org/security/2014/dsa-2868Third Party Advisory
http://www.php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
http://www.ubuntu.com/usn/USN-2123-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2126-1Third Party Advisory
https://github.com/glensc/file/blob/FILE5_17/ChangeLogRelease Notes, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.htmlMailing List, Tool Signature
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.htmlMailing List, Tool Signature
http://mx.gw.com/pipermail/file/2014/001327.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001330.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001334.htmlBroken Link
http://mx.gw.com/pipermail/file/2014/001337.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://support.apple.com/kb/HT6443Third Party Advisory
http://www.debian.org/security/2014/dsa-2861Third Party Advisory
http://www.debian.org/security/2014/dsa-2868Third Party Advisory
http://www.php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
http://www.ubuntu.com/usn/USN-2123-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2126-1Third Party Advisory
https://github.com/glensc/file/blob/FILE5_17/ChangeLogRelease Notes, Third Party Advisory

Timeline

Published: Feb 18, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-1943?

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

How severe is CVE-2014-1943?

Severity scoring for CVE-2014-1943 is pending analysis. The EPSS model estimates a 4.93% probability of exploitation in the next 30 days.

How do I fix CVE-2014-1943?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-1943?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST