File@* Security Vulnerabilities and Issues — File@* CVE List

Lucene search

File ProjectFile*

8 matches found

CVE•added 2019/10/21 5:15 a.m.•576 views

CVE-2019-18218

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

7.8CVSS8AI score0.00216EPSS

CVE•added 2015/03/30 10:59 a.m.•262 views

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory...

7.5CVSS6.6AI score0.09509EPSS

CVE•added 2014/07/09 11:7 a.m.•255 views

CVE-2014-3479

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CD...

4.3CVSS8.9AI score0.14559EPSS

CVE•added 2014/07/09 11:7 a.m.•240 views

CVE-2014-3480

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3CVSS8.9AI score0.14559EPSS

CVE•added 2014/07/09 11:7 a.m.•230 views

CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3CVSS8.8AI score0.18223EPSS

CVE•added 2015/03/30 10:59 a.m.•175 views

CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote att...

5CVSS6.7AI score0.06004EPSS

CVE•added 2014/03/14 3:55 p.m.•163 views

CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

4.3CVSS5.6AI score0.3696EPSS

CVE•added 2014/12/17 7:59 p.m.•94 views

CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

5CVSS7.1AI score0.08841EPSS