file

Description: File type identification utility
Version: 5.37-5 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-907 | 5.35-1 | 5.36-1 | High | Fixed | |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-8907 | AVG-907 | Medium | Yes | Denial of service | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or... |
| CVE-2019-8906 | AVG-907 | Medium | Yes | Information disclosure | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
| CVE-2019-8905 | AVG-907 | High | No | Information disclosure | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
| CVE-2019-8904 | AVG-907 | High | No | Information disclosure | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 03 Mar 2019 | ASA-201903-5 | AVG-907 | High | multiple issues |