file

Description File type identification utility
Version 5.46-2 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1083 5.37-1 5.38-1 High Fixed FS#64430
AVG-907 5.35-1 5.36-1 High Fixed

Issue Group Severity Remote Type Description
CVE-2019-18218 AVG-1083 High No Arbitrary code execution
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte...
CVE-2019-8907 AVG-907 Medium Yes Denial of service
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or...
CVE-2019-8906 AVG-907 Medium Yes Information disclosure
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
CVE-2019-8905 AVG-907 High No Information disclosure
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
CVE-2019-8904 AVG-907 High No Information disclosure
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

Advisories

Date Advisory Group Severity Type
09 Jan 2020 ASA-202001-2 AVG-1083 High arbitrary code execution
03 Mar 2019 ASA-201903-5 AVG-907 High multiple issues