Unrated severityNVD Advisory· Published Jul 3, 2014· Updated May 6, 2026

CVE-2014-3538

Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Affected products

Christos Zoulas/File19 versions
cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*range: <=5.18
- cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*
- cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*
PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.4.0,<5.4.32
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdPatchThird Party Advisory
github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610nvdPatchThird Party Advisory
github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320nvdExploitPatchThird Party Advisory
github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668nvdExploitPatchThird Party Advisory
github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3nvdExploitPatchThird Party Advisory
github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991nvdExploitPatchThird Party Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdMailing ListThird Party Advisory
openwall.com/lists/oss-security/2014/06/30/7nvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1327.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0760.htmlnvdThird Party Advisory
secunia.com/advisories/60696nvdThird Party Advisory
www.debian.org/security/2014/dsa-3008nvdThird Party Advisory
www.debian.org/security/2014/dsa-3021nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvdThird Party Advisory
www.securityfocus.com/bid/68348nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
support.apple.com/HT204659nvdThird Party Advisory
mx.gw.com/pipermail/file/2014/001553.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000