13 matches found
SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2021:2930-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2930-1 advisory. - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based...
EulerOS 2.0 SP3 : file (EulerOS-SA-2020-1381)
According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow 4-byt...
EulerOS Virtualization for ARM 64 3.0.2.0 : file (EulerOS-SA-2020-1201)
According to the version of the file packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a...
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write)...
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write)...
CVE-2019-18218
CVE-2019-18218 is a concrete issue affecting the file utility: cdf_read_property_info in cdf.c (up to version 5.37) does not cap the number of CDF_VECTOR elements, enabling a heap-based buffer overflow (4-byte out-of-bounds write). Public advisories (Arch Linux ASA-202001-2, ALAS-2019-1326/1370, ...
file buffer overflow vulnerability (CNVD-2020-14286)
file is a set of command-line tools used in Unix-like applications to view file information. A buffer overflow vulnerability exists in cdf_read_property_info in the cdf.c file in file 5.37 and earlier versions, which arises from a networked system or product that performs an operation in memory...
Denial Of Service (DoS)
php is vulnerable to denial of service (DoS). The vulnerability exists through an integer overflow issue in the cdf_read_property_info function in cdf.c...
Design/Logic Flaw
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...
CVE-2014-3480
The CVE-2014-3480 entry concerns a flaw in the cdf_count_chain function of cdf.c used by PHP’s Fileinfo component. The issue stems from inadequate validation of sector-count data in CDF files, enabling a remote attacker to trigger a denial of service (application crash) by supplying a crafted CDF...
CVE-2014-3479
CVE-2014-3479 affects the Fileinfo component in PHP (cdf_check_stream_offset in cdf.c) and can trigger a remote denial of service (application crash) by crafting a CDF stream offset. It is tied to PHP versions before 5.4.30 and 5.5.x before 5.5.14 due to incorrect sector-size data. The issue is d...
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls...
GLSA-201209-14 : file: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201209-14 (file: Denial of Service). Multiple out-of-bounds read errors and invalid pointer dereference errors have been found in cdf.c. Impact : A remote attacker could entice a user to open a specially crafted Composite Document Fi...