Note:
This project will be discontinued after December 13, 2021. [more]
Product:
File
(File_project)| Repositories | https://github.com/file/file |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-22 | CVE-2022-48554 | File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | Debian_linux, File | 5.5 | ||
| 2019-10-21 | CVE-2019-18218 | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | Ubuntu_linux, Debian_linux, Fedora, File, Active_iq_unified_manager, Leap | 7.8 | ||
| 2014-03-14 | CVE-2014-2270 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | Ubuntu_linux, Debian_linux, File, Opensuse, Php | N/A | ||
| 2014-07-09 | CVE-2014-3479 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. | Debian_linux, File, Opensuse, Linux, Php | N/A | ||
| 2014-07-09 | CVE-2014-3480 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | Debian_linux, File, Opensuse, Linux, Php | N/A | ||
| 2014-07-09 | CVE-2014-3487 | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | Debian_linux, File, Opensuse, Linux, Php | N/A | ||
| 2019-02-18 | CVE-2019-8905 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | Ubuntu_linux, Debian_linux, File, Leap | 4.4 | ||
| 2019-02-18 | CVE-2019-8906 | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, File, Leap | 4.4 | ||
| 2018-06-11 | CVE-2018-10360 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | Ubuntu_linux, File, Leap | 6.5 | ||
| 2019-02-18 | CVE-2019-8907 | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | Ubuntu_linux, Debian_linux, File, Leap | 8.8 |