25 matches found
SUSE CVE-2019-8906
docorenote in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused...
file: out-of-bounds read via a crafted ELF file
The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...
file do_core_note Denial of Service Vulnerability
file is a command-line tool used on Unix-like systems to view file information. A security vulnerability exists in the docorenote file of the readelf.c file of the libmagic.a static link library in file version 5.35. A remote attacker could use this vulnerability to cause a denial of service stac...
ALPINE-CVE-2019-8907
docorenote in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service stack corruption and application crash or possibly have unspecified other impact...
UBUNTU-CVE-2019-8907
docorenote in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service stack corruption and application crash or possibly have unspecified other impact...
PHP 5.5.x < 5.5.24 Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zendsharedmemdup function within file ext/opcache/zendsharedalloc.c that allows an...
FreeBSD Security Advisory FreeBSD-SA-14:28.file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:28.file Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in file1 and libmagic3 Category: contrib Module: file Announced: 2014-12-10...
MGASA-2014-0441 Updated php packages fix security vulnerability
An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710. PHP uses an embedded copy of file's libmagic library, and was therefore affected. It has been...
Mandriva Linux Security Advisory : file (MDVSA-2014:131)
Updated file packages fix security vulnerabilities : A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way fil...
Mandriva Linux Security Advisory : php (MDVSA-2014:130)
Updated php packages fix security vulnerabilities : The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
Updated file packages fix security vulnerabilities
A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...
Mandriva Linux Security Advisory : php (MDVSA-2014:115)
Updated php packages fix security vulnerabilities : A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...
MGASA-2014-0258 Updated php packages fix CVE-2014-0237-8
Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...
MGASA-2014-0178 Updated php packages fix security vulnerability
Updated php packages fix security vulnerability: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. A flaw was foun...
Mandriva Linux Security Advisory : file (MDVSA-2014:051)
Updated file package fixes security vulnerability : It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally,...
DSA-2868-1 php5 - denial of service
Bulletin has no description...
MGASA-2014-0092 Updated file package fixes security vulnerability
It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...
Updated file package fixes security vulnerability
It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...