Lucene search
K
File ProjectFile

18 matches found

CVE
CVE
added 2019/10/21 4:41 a.m.641 views

CVE-2019-18218

CVE-2019-18218 is a concrete issue affecting the file utility: cdf_read_property_info in cdf.c (up to version 5.37) does not cap the number of CDF_VECTOR elements, enabling a heap-based buffer overflow (4-byte out-of-bounds write). Public advisories (Arch Linux ASA-202001-2, ALAS-2019-1326/1370, ...

7.8CVSS8AI score0.0185EPSS
CVE
CVE
added 2018/06/11 10:0 a.m.314 views

CVE-2018-10360

Summary (grounded): The CVE-2018-10360 issue resides in the file package (libmagic.a) where the function do_core_note in readelf.c on version 5.33 can trigger an out-of-bounds read via a crafted ELF file, causing a denial of service. The connected advisory (ALAS2-2020-1452) confirms affected Amaz...

6.5CVSS5.4AI score0.0341EPSS
CVE
CVE
added 2015/03/30 10:0 a.m.302 views

CVE-2014-9653

CVE-2014-9653 affects the ELF parsing in the file utility (readelf.c) used by PHP Fileinfo. The vulnerability arises because pread calls may return only a subset of data, enabling remote denial of service via uninitialized memory access, and possibly other impact with crafted ELF files. Affected ...

7.5CVSS6.6AI score0.04681EPSS
CVE
CVE
added 2014/07/09 10:0 a.m.295 views

CVE-2014-3479

CVE-2014-3479 affects the Fileinfo component in PHP (cdf_check_stream_offset in cdf.c) and can trigger a remote denial of service (application crash) by crafting a CDF stream offset. It is tied to PHP versions before 5.4.30 and 5.5.x before 5.5.14 due to incorrect sector-size data. The issue is d...

4.3CVSS8.9AI score0.14927EPSS
CVE
CVE
added 2014/07/09 10:0 a.m.290 views

CVE-2014-3480

The CVE-2014-3480 entry concerns a flaw in the cdf_count_chain function of cdf.c used by PHP’s Fileinfo component. The issue stems from inadequate validation of sector-count data in CDF files, enabling a remote attacker to trigger a denial of service (application crash) by supplying a crafted CDF...

6.5CVSS8.9AI score0.11481EPSS
CVE
CVE
added 2014/07/09 10:0 a.m.280 views

CVE-2014-3487

CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....

4.3CVSS8.8AI score0.14927EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.234 views

CVE-2022-48554

CVE-2022-48554 affects the file utility (the Open Source project named “File”) with a stack-based buffer over-read in file_copystr() in funcs.c, before version 5.43. The issue can cause denial of service or potentially memory corruption. Affected distributions/contexts include Apple platforms (ma...

5.5CVSS5.7AI score0.00656EPSS
CVE
CVE
added 2019/02/18 5:0 p.m.229 views

CVE-2019-8907

The CVE-2019-8907 issue affects the file utility (libmagic, static libmagic.a) in version 5.35, where do_core_note in readelf.c triggers a stack corruption/DoS (and possible other impact). The connected Arch Linux advisory (ALAS-2019-1186) documents multiple CVEs in file, including CVE-2019-8907,...

8.8CVSS5.7AI score0.03465EPSS
CVE
CVE
added 2019/02/18 5:0 p.m.225 views

CVE-2019-8905

CVE-2019-8905 affects the file utility (libmagic.a) do_core_note in readelf.c, version 5.35, via a stack-based buffer over-read related to file_printable. This can allow information disclosure and may cause denial of service when processing crafted ELF files. Upstream fixes exist in file version ...

4.4CVSS5.9AI score0.00475EPSS
CVE
CVE
added 2015/03/30 10:0 a.m.209 views

CVE-2014-9652

CVE-2014-9652 affects the Fileinfo component’s mconvert path (softmagic.c) used by PHP’s fileinfo. The vulnerability arises from improper handling of a string-length field when copying a truncated Pascal string, potentially allowing a remote attacker to cause a denial of service via out-of-bounds...

5CVSS6.7AI score0.05489EPSS
CVE
CVE
added 2019/02/18 5:0 p.m.209 views

CVE-2019-8906

CVE-2019-8906 is a file vulnerability affecting the file utility, caused by an out-of-bounds read due to incorrect use of memcpy in do_core_note within libmagic.a (file version 5.35). Public write-ups in connected documents confirm this entry and associate it with the file parser/ELF handling pat...

4.4CVSS4.8AI score0.00493EPSS
CVE
CVE
added 2014/03/14 3:0 p.m.204 views

CVE-2014-2270

CVE-2014-2270 affects the file/libmagic implementation (softmagic.c) prior to version 5.17. A crafted PE executable can trigger an out-of-bounds memory access in the softmagic data, enabling a context-dependent attacker to cause a denial-of-service (crash). Public advisories describe the impact a...

4.3CVSS5.6AI score0.04318EPSS
CVE
CVE
added 2017/09/11 7:0 p.m.180 views

CVE-2017-1000249

CVE-2017-1000249 affects the file utility: a stack-based overflow in the file() handling lets an attacker overwrite a fixed 20-byte stack buffer via a specially crafted .notes section in an ELF binary. The issue originates from a code path in file; multiple advisories (Fedora, Gentoo GLSA, Amazon...

5.5CVSS5.3AI score0.00404EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.133 views

CVE-2014-9620

CVE-2014-9620 affects the file utility’s ELF parser (versions 5.08–5.21). A remote attacker can cause a denial of service by supplying an overly long string or large number of notes (through ELF parsing). Public references show affected ecosystems including Ubuntu (USN-3686-1), CentOS/RHEL adviso...

5CVSS5.9AI score0.04683EPSS
CVE
CVE
added 2014/12/17 7:0 p.m.131 views

CVE-2014-8116

CVE-2014-8116 affects the file utility’s ELF parser (readelf.c) before 5.21, allowing remote DoS (CPU consumption or crash) via a large number of program/section headers or invalid capabilities. Related entry CVE-2014-8117 affects softmagic.c recursion. Connected advisories confirm multiple vendo...

5CVSS6.9AI score0.04432EPSS
CVE
CVE
added 2014/12/17 7:0 p.m.124 views

CVE-2014-8117

CVE-2014-8117 affects the file utility; the softmagic.c code path in file before 5.21 does not properly limit recursion, enabling a remote attacker to trigger a denial of service (CPU consumption or crash) via unspecified vectors. Connected advisories confirm this issue alongside CVE-2014-8116 an...

5CVSS7.1AI score0.05926EPSS
CVE
CVE
added 2019/02/18 5:0 p.m.124 views

CVE-2019-8904

CVE-2019-8904 concerns do_bid_note in readelf.c within libmagic.a (file package, 5.35) causing a stack-based buffer over-read, related to file_printf and file_vprintf. The vulnerability is described across multiple connected advisories (e.g., Cloud Foundry/USNs and Nessus entries) as impacting va...

8.8CVSS6.1AI score0.0249EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.117 views

CVE-2014-9621

CVE-2014-9621 affects the file utility’s ELF parser (versions 5.16–5.21). A remote attacker can trigger a denial of service by supplying a crafted long string in an ELF file. Remediation: upgrade to file version 5.22 (or later) as indicated by multiple advisories (e.g., SUSE/openSUSE/Ubuntu USN)....

5CVSS5.9AI score0.02976EPSS