MarcosMeli / FileHelpers

The FileHelpers are a free and easy to use .NET library to read/write data from fixed length or delimited records in files, strings or streams
https://www.filehelpers.net
MIT License
1.13k stars 349 forks

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. #400

Closed marco-carvalho closed 3 years ago

marco-carvalho commented 3 years ago

Hi, I'm using http://github.com/jeremylong/DependencyCheck and it reported this message on a project of mine.

Filename: FileHelpers:3.4.2 | Reference: CVE-2014-8117 | CVSS Score: 5.0 | Category: CWE-399 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

Any help, please?

mcavigelli commented 3 years ago

This looks like a problem in a C program. We don't have any C code, nor did we have any in older versions (at least in the last seven years). Version 3.4.2 is about six months old. We use C# though as our programming language.

Not sure if that is of any help for you. If you still think there is really a problem in our library, do not hesitate to comment on this issue. Thank you, Matthias