Product:

File

(File_project)
Repositories https://github.com/file/file
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2023-08-22 CVE-2022-48554 File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. Debian_linux, File 5.5
2019-10-21 CVE-2019-18218 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Ubuntu_linux, Debian_linux, Fedora, File, Active_iq_unified_manager, Leap 7.8
2014-03-14 CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Ubuntu_linux, Debian_linux, File, Opensuse, Php N/A
2014-07-09 CVE-2014-3479 The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2014-07-09 CVE-2014-3480 The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2014-07-09 CVE-2014-3487 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2019-02-18 CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Ubuntu_linux, Debian_linux, File, Leap 4.4
2019-02-18 CVE-2019-8906 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, File, Leap 4.4
2018-06-11 CVE-2018-10360 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Ubuntu_linux, File, Leap 6.5
2019-02-18 CVE-2019-8907 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Ubuntu_linux, Debian_linux, File, Leap 8.8