Advisories ยป MGASA-2014-0354

Updated file packages fix CVE-2014-3587

Publication date: 26 Aug 2014
Modification date: 26 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3587

Description

Updated file packages fix security vulnerability:

A flaw was found in the way file uses cdf_read_property_info function when
checks stream offsets for certain Composite Document Format (CDF). An
insufficient input validation flaw for p and q minimal and maximal value,
leads to a pointer overflow. This issue only affects 32bit systems
(CVE-2014-3587).
                

References

SRPMS

4/core

3/core