18 matches found
CVE-2019-18218
CVE-2019-18218 is a concrete issue affecting the file utility: cdf_read_property_info in cdf.c (up to version 5.37) does not cap the number of CDF_VECTOR elements, enabling a heap-based buffer overflow (4-byte out-of-bounds write). Public advisories (Arch Linux ASA-202001-2, ALAS-2019-1326/1370, ...
CVE-2018-10360
Summary (grounded): The CVE-2018-10360 issue resides in the file package (libmagic.a) where the function do_core_note in readelf.c on version 5.33 can trigger an out-of-bounds read via a crafted ELF file, causing a denial of service. The connected advisory (ALAS2-2020-1452) confirms affected Amaz...
CVE-2014-9653
CVE-2014-9653 affects the ELF parsing in the file utility (readelf.c) used by PHP Fileinfo. The vulnerability arises because pread calls may return only a subset of data, enabling remote denial of service via uninitialized memory access, and possibly other impact with crafted ELF files. Affected ...
CVE-2014-3479
CVE-2014-3479 affects the Fileinfo component in PHP (cdf_check_stream_offset in cdf.c) and can trigger a remote denial of service (application crash) by crafting a CDF stream offset. It is tied to PHP versions before 5.4.30 and 5.5.x before 5.5.14 due to incorrect sector-size data. The issue is d...
CVE-2014-3480
The CVE-2014-3480 entry concerns a flaw in the cdf_count_chain function of cdf.c used by PHP’s Fileinfo component. The issue stems from inadequate validation of sector-count data in CDF files, enabling a remote attacker to trigger a denial of service (application crash) by supplying a crafted CDF...
CVE-2014-3487
CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....
CVE-2022-48554
CVE-2022-48554 affects the file utility (the Open Source project named “File”) with a stack-based buffer over-read in file_copystr() in funcs.c, before version 5.43. The issue can cause denial of service or potentially memory corruption. Affected distributions/contexts include Apple platforms (ma...
CVE-2019-8907
The CVE-2019-8907 issue affects the file utility (libmagic, static libmagic.a) in version 5.35, where do_core_note in readelf.c triggers a stack corruption/DoS (and possible other impact). The connected Arch Linux advisory (ALAS-2019-1186) documents multiple CVEs in file, including CVE-2019-8907,...
CVE-2019-8905
CVE-2019-8905 affects the file utility (libmagic.a) do_core_note in readelf.c, version 5.35, via a stack-based buffer over-read related to file_printable. This can allow information disclosure and may cause denial of service when processing crafted ELF files. Upstream fixes exist in file version ...
CVE-2014-9652
CVE-2014-9652 affects the Fileinfo component’s mconvert path (softmagic.c) used by PHP’s fileinfo. The vulnerability arises from improper handling of a string-length field when copying a truncated Pascal string, potentially allowing a remote attacker to cause a denial of service via out-of-bounds...
CVE-2019-8906
CVE-2019-8906 is a file vulnerability affecting the file utility, caused by an out-of-bounds read due to incorrect use of memcpy in do_core_note within libmagic.a (file version 5.35). Public write-ups in connected documents confirm this entry and associate it with the file parser/ELF handling pat...
CVE-2014-2270
CVE-2014-2270 affects the file/libmagic implementation (softmagic.c) prior to version 5.17. A crafted PE executable can trigger an out-of-bounds memory access in the softmagic data, enabling a context-dependent attacker to cause a denial-of-service (crash). Public advisories describe the impact a...
CVE-2017-1000249
CVE-2017-1000249 affects the file utility: a stack-based overflow in the file() handling lets an attacker overwrite a fixed 20-byte stack buffer via a specially crafted .notes section in an ELF binary. The issue originates from a code path in file; multiple advisories (Fedora, Gentoo GLSA, Amazon...
CVE-2014-9620
CVE-2014-9620 affects the file utility’s ELF parser (versions 5.08–5.21). A remote attacker can cause a denial of service by supplying an overly long string or large number of notes (through ELF parsing). Public references show affected ecosystems including Ubuntu (USN-3686-1), CentOS/RHEL adviso...
CVE-2014-8116
CVE-2014-8116 affects the file utility’s ELF parser (readelf.c) before 5.21, allowing remote DoS (CPU consumption or crash) via a large number of program/section headers or invalid capabilities. Related entry CVE-2014-8117 affects softmagic.c recursion. Connected advisories confirm multiple vendo...
CVE-2014-8117
CVE-2014-8117 affects the file utility; the softmagic.c code path in file before 5.21 does not properly limit recursion, enabling a remote attacker to trigger a denial of service (CPU consumption or crash) via unspecified vectors. Connected advisories confirm this issue alongside CVE-2014-8116 an...
CVE-2019-8904
CVE-2019-8904 concerns do_bid_note in readelf.c within libmagic.a (file package, 5.35) causing a stack-based buffer over-read, related to file_printf and file_vprintf. The vulnerability is described across multiple connected advisories (e.g., Cloud Foundry/USNs and Nessus entries) as impacting va...
CVE-2014-9621
CVE-2014-9621 affects the file utility’s ELF parser (versions 5.16–5.21). A remote attacker can trigger a denial of service by supplying a crafted long string in an ELF file. Remediation: upgrade to file version 5.22 (or later) as indicated by multiple advisories (e.g., SUSE/openSUSE/Ubuntu USN)....