Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201701-42
HistoryJan 17, 2017 - 12:00 a.m.

file: Multiple vulnerabilities

2017-01-1700:00:00
Gentoo Foundation
security.gentoo.org
15

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.5%

JSON

Background

file is a utility that guesses a file format by scanning binary data for patterns.

Description

Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user or automated system to process a specially crafted input file, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/file-5.23"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/file< 5.23UNKNOWN

Related

nessus 60
openvas 52
cloudfoundry 1
ubuntu 4
debian 9
cve 4
prion 4
hackerone 2
ubuntucve 4
altlinux 1
securityvulns 6
debiancve 4
osv 7
veracode 2
f5 4
mageia 2
amazon 5
fedora 3
archlinux 2
ibm 4
redhat 4
centos 4
suse 3
oraclelinux 4
slackware 1
kaspersky 1
freebsd_advisory 1
freebsd 1
nessus
nessus
GLSA-201701-42 : file: Multiple vulnerabilities
2017-01-18 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : file vulnerabilities (USN-3686-1)
2018-06-15 00:00:00
Debian DSA-3196-1 : file - security update
2015-03-19 00:00:00
openvas
openvas
PHP Multiple Vulnerabilities - 01 (Feb 2015)
2015-02-06 00:00:00
Ubuntu: Security Advisory (USN-3686-1)
2018-06-15 00:00:00
Debian Security Advisory DSA 3196-1 (file - security update)
2015-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-3686-1: file vulnerabilities | Cloud Foundry
2018-06-20 00:00:00
ubuntu
ubuntu
file vulnerabilities
2018-06-14 00:00:00
file vulnerabilities
2018-06-28 00:00:00
file vulnerabilities
2015-02-04 00:00:00
debian
debian
[SECURITY] [DLA 204-1] file security update
2015-04-19 13:06:12
[SECURITY] [DSA 3196-1] file security update
2015-03-18 17:58:15
[SECURITY] [DLA 460-1] file security update
2016-05-07 14:23:47
cve
cve
CVE-2014-9653
2015-03-30 10:59:00
CVE-2015-8865
2016-05-20 10:59:00
CVE-2014-9652
2015-03-30 10:59:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
Out-of-bounds
2015-03-30 10:59:00
Buffer overflow
2016-05-20 10:59:00
hackerone
hackerone
Internet Bug Bounty: Buffer over-write in finfo_open with malformed magic file.
2019-01-07 20:34:26
Gratipay: PHP 5.4.45 is Outdated and Full of Preformance Interupting Arbitrary Code Execution Bugs
2016-04-16 22:49:59
ubuntucve
ubuntucve
CVE-2015-8865
2015-12-31 00:00:00
CVE-2014-9653
2015-03-30 00:00:00
CVE-2014-9652
2015-01-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package file version 4.26-alt13
2017-03-28 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3196-1] file security update
2015-03-18 00:00:00
[slackware-security] php &#40;SSA:2014-356-02&#41;
2014-12-23 00:00:00
libmagic / file / fileinfo / PHP security vulnerabilities
2015-03-18 00:00:00
debiancve
debiancve
CVE-2014-9653
2015-03-30 10:59:00
CVE-2015-8865
2016-05-20 10:59:00
CVE-2014-9652
2015-03-30 10:59:00
osv
osv
file - security update
2016-05-07 00:00:00
file - security update
2015-04-19 00:00:00
php5 - security update
2015-01-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:34
Denial Of Service (DoS)
2019-05-02 05:04:21
f5
f5
K54924436 : PHP vulnerability CVE-2015-8865
2016-06-10 00:00:00
SOL54924436 - PHP vulnerability CVE-2015-8865
2016-06-10 00:00:00
K15898 : PHP vulnerability CVE-2014-3710
2014-12-08 00:00:00
mageia
mageia
Updated [package] package fix CVE-2014-3710
2014-10-31 18:53:38
Updated php packages fix security vulnerability
2014-11-12 12:56:47
amazon
amazon
Medium: file
2014-11-22 14:34:00
Medium: php54
2014-11-22 13:58:00
Medium: php55
2014-11-22 13:58:00
fedora
fedora
[SECURITY] Fedora 21 Update: file-5.19-7.fc21
2014-11-10 06:44:48
[SECURITY] Fedora 21 Update: file-5.22-2.fc21
2015-02-18 05:55:37
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
archlinux
archlinux
file: denial of service through out-of-bounds read
2014-11-12 00:00:00
php: denial of service
2014-11-13 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2015:2155) Moderate: file security and bug fix update
2015-11-19 14:41:30
(RHSA-2014:1768) Important: php53 security update
2014-10-30 00:00:00
centos
centos
file, python security update
2016-05-16 10:13:44
file, python security update
2015-11-30 19:28:42
php53 security update
2014-10-31 14:37:09
suse
suse
Security update for php5 (important)
2015-03-04 16:04:57
Security update for php5 (important)
2015-03-06 11:04:50
Security update for PHP 5.3 (important)
2015-03-05 21:04:56
oraclelinux
oraclelinux
file security, bug fix, and enhancement update
2016-05-12 00:00:00
file security and bug fix update
2015-11-23 00:00:00
php security update
2014-10-30 00:00:00
slackware
slackware
[slackware-security] php
2014-12-23 05:38:55
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:28.file
2014-12-10 00:00:00
freebsd
freebsd
file -- multiple vulnerabilities
2014-12-16 00:00:00

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.5%

JSON
Related for GLSA-201701-42
nessus60openvas52cloudfoundry1ubuntu4debian9cve4prion4hackerone2ubuntucve4altlinux1securityvulns6debiancve4osv7veracode2f54mageia2amazon5fedora3archlinux2ibm4redhat4centos4suse3oraclelinux4slackware1kaspersky1freebsd_advisory1freebsd1