AVG-907

Package file
Status Fixed
Severity High
Type multiple issues
Affected 5.35-1
Fixed 5.36-1
Current 5.37-2 [core]
Ticket None
Created Mon Feb 18 21:37:55 2019
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-8907 | Medium | Yes | Denial of service | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or... |
| CVE-2019-8906 | Medium | Yes | Information disclosure | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
| CVE-2019-8905 | High | No | Information disclosure | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
| CVE-2019-8904 | High | No | Information disclosure | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 03 Mar 2019 | ASA-201903-5 | file | multiple issues |