Fileproject File

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c

CVE-2022-48554 5.5 - Medium - August 22, 2023

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

Out-of-bounds Read

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which

CVE-2019-18218 7.8 - High - October 21, 2019

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Memory Corruption

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read

CVE-2019-8904 8.8 - High - February 18, 2019

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

Out-of-bounds Read

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read

CVE-2019-8905 4.4 - Medium - February 18, 2019

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

Out-of-bounds Read

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read

CVE-2019-8906 4.4 - Medium - February 18, 2019

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

Out-of-bounds Read

do_core_note in readelf.c in libmagic.a in file 5.35

CVE-2019-8907 8.8 - High - February 18, 2019

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

Memory Corruption

The do_core_note function in readelf.c in libmagic.a in file 5.33

CVE-2018-10360 6.5 - Medium - June 11, 2018

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Out-of-bounds Read

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which

CVE-2014-3487 - July 09, 2014

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Improper Input Validation

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which

CVE-2014-3480 - July 09, 2014

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which

CVE-2014-3479 - July 09, 2014

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

softmagic.c in file before 5.17 and libmagic

CVE-2014-2270 - March 14, 2014

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Buffer Overflow