AVG-907 log

Package file
Status Fixed
Severity High
Type multiple issues
Affected 5.35-1
Fixed 5.36-1
Current 5.46-5 [core]
Ticket None
Created Mon Feb 18 21:37:55 2019
Issue Severity Remote Type Description
CVE-2019-8907 Medium Yes Denial of service 
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or...
CVE-2019-8906 Medium Yes Information disclosure 
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of- bounds read because memcpy is misused.
CVE-2019-8905 High No Information disclosure 
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
CVE-2019-8904 High No Information disclosure 
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
Date Advisory Package Type
03 Mar 2019 ASA-201903-5 file multiple issues