Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:alpm/archlinux/file@5.35-1
purl pkg:alpm/archlinux/file@5.35-1
Next non-vulnerable version 5.36-1
Latest non-vulnerable version 5.38-1
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-dnwd-kqz6-p3ek
Aliases:
CVE-2019-8905
file: stack-based buffer over-read in do_core_note in readelf.c
5.36-1
Affected by 0 other vulnerabilities.
VCID-p13b-2a4m-sbfx
Aliases:
CVE-2019-8907
file: do_core_note in readelf.c allows remote attackers to cause a denial of service
5.36-1
Affected by 0 other vulnerabilities.
VCID-t8q1-8y52-e7dp
Aliases:
CVE-2019-8906
file: out-of-bounds read in do_core_note in readelf.c
5.36-1
Affected by 0 other vulnerabilities.
VCID-zqgq-d1nu-qbd5
Aliases:
CVE-2019-8904
file: stack-based buffer over-read in do_bid_note in readelf.c
5.36-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T18:25:58.022874+00:00 Arch Linux Importer Affected by VCID-zqgq-d1nu-qbd5 https://security.archlinux.org/AVG-907 38.0.0
2026-04-01T18:25:57.993934+00:00 Arch Linux Importer Affected by VCID-dnwd-kqz6-p3ek https://security.archlinux.org/AVG-907 38.0.0
2026-04-01T18:25:57.965035+00:00 Arch Linux Importer Affected by VCID-t8q1-8y52-e7dp https://security.archlinux.org/AVG-907 38.0.0
2026-04-01T18:25:57.937090+00:00 Arch Linux Importer Affected by VCID-p13b-2a4m-sbfx https://security.archlinux.org/AVG-907 38.0.0