VulnerableCode Package Details - pkg:deb/debian/file@1:5.22%2B15-2~bpo7%2B1

Search for packages

Package details: pkg:deb/debian/file@1:5.22%2B15-2~bpo7%2B1

Essentials
History (32)

purl	pkg:deb/debian/file@1:5.22%2B15-2~bpo7%2B1

Next non-vulnerable version	1:5.39-3+deb11u1
Latest non-vulnerable version	1:5.39-3+deb11u1
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-15v8-18kg-g7ef Aliases: CVE-2019-18218	cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).	1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.39-3+deb11u1 Affected by 0 other vulnerabilities.
VCID-1v2r-6smw-gqf3 Aliases: CVE-2019-8906	do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4nqr-cqub-zkgk Aliases: CVE-2017-1000249		1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a928-66pg-jud1 Aliases: CVE-2019-8907	do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cx5s-cbdg-e7bj Aliases: CVE-2019-8904	do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-me9c-np98-cudr Aliases: CVE-2015-8865		1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qc5e-hdy3-bqd8 Aliases: CVE-2018-10360	The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r7xb-894d-1ba1 Aliases: CVE-2019-8905	do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xxwz-bq34-p3b1 Aliases: CVE-2022-48554	File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.	1:5.39-3+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (20)

Vulnerability	Summary	Aliases
VCID-15y1-kds1-kbbu		CVE-2014-9620
VCID-3m6c-ba8w-4bgv		CVE-2014-3587
VCID-5t7f-sa76-kueh		CVE-2014-0238
VCID-6ba2-28y2-2fby		CVE-2014-3538
VCID-6saf-xd2z-67at		CVE-2014-2270
VCID-925b-2zzf-puf9		CVE-2014-9652
VCID-c1dz-dre4-vbdx		CVE-2014-3710
VCID-evb9-14mt-mfcw		CVE-2014-3478
VCID-jg88-vwqz-qua6		CVE-2014-9621
VCID-jjex-w9bv-rfbm		CVE-2014-8116
VCID-m7up-51vh-w7gw		CVE-2014-8117
VCID-ne9h-gdbn-83be		CVE-2013-7345
VCID-qw1m-z63k-m7aq		CVE-2014-3487
VCID-rbsu-tvae-rqby		CVE-2014-3480
VCID-rbxv-29fe-6yaq		CVE-2014-3479
VCID-t2kg-9t3x-qqgx		CVE-2014-0237
VCID-vs63-5t1d-u7b9		CVE-2014-0207
VCID-xam7-y8mv-kbab		CVE-2014-9653
VCID-xjj3-egej-ybam	file: root_storage NULL pointer deference flaw in CDF parser	CVE-2014-0236
VCID-ykmk-ya4d-6bhf		CVE-2014-1943

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:14:11.248953+00:00	Debian Oval Importer	Fixing	VCID-6ba2-28y2-2fby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T20:13:29.605983+00:00	Debian Oval Importer	Fixing	VCID-6saf-xd2z-67at	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T20:12:24.024513+00:00	Debian Oval Importer	Affected by	VCID-me9c-np98-cudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:46:16.110101+00:00	Debian Oval Importer	Affected by	VCID-qc5e-hdy3-bqd8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:04:18.936646+00:00	Debian Oval Importer	Fixing	VCID-925b-2zzf-puf9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:01:23.280133+00:00	Debian Oval Importer	Fixing	VCID-jg88-vwqz-qua6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:59:40.639869+00:00	Debian Oval Importer	Affected by	VCID-1v2r-6smw-gqf3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:57:33.880123+00:00	Debian Oval Importer	Fixing	VCID-ne9h-gdbn-83be	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:51:39.104116+00:00	Debian Oval Importer	Fixing	VCID-evb9-14mt-mfcw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:39:16.555392+00:00	Debian Oval Importer	Fixing	VCID-xam7-y8mv-kbab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:18:42.633090+00:00	Debian Oval Importer	Fixing	VCID-xjj3-egej-ybam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:02:41.666616+00:00	Debian Oval Importer	Fixing	VCID-15y1-kds1-kbbu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:46:29.974073+00:00	Debian Oval Importer	Fixing	VCID-rbsu-tvae-rqby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:42:17.855923+00:00	Debian Oval Importer	Fixing	VCID-rbxv-29fe-6yaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:13:46.185749+00:00	Debian Oval Importer	Fixing	VCID-3m6c-ba8w-4bgv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:12:52.295299+00:00	Debian Oval Importer	Fixing	VCID-vs63-5t1d-u7b9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:32:00.875492+00:00	Debian Oval Importer	Affected by	VCID-a928-66pg-jud1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:28:11.977075+00:00	Debian Oval Importer	Affected by	VCID-4nqr-cqub-zkgk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:22:37.413408+00:00	Debian Oval Importer	Fixing	VCID-t2kg-9t3x-qqgx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:21:55.809631+00:00	Debian Oval Importer	Affected by	VCID-cx5s-cbdg-e7bj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:26:47.382618+00:00	Debian Oval Importer	Fixing	VCID-c1dz-dre4-vbdx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:49:23.370435+00:00	Debian Oval Importer	Fixing	VCID-5t7f-sa76-kueh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:42:49.222764+00:00	Debian Oval Importer	Fixing	VCID-qw1m-z63k-m7aq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:25:16.054045+00:00	Debian Oval Importer	Fixing	VCID-jjex-w9bv-rfbm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:06:52.173425+00:00	Debian Oval Importer	Affected by	VCID-xxwz-bq34-p3b1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:59:09.363693+00:00	Debian Oval Importer	Affected by	VCID-r7xb-894d-1ba1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:50:02.762268+00:00	Debian Oval Importer	Fixing	VCID-ykmk-ya4d-6bhf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:07:09.593439+00:00	Debian Oval Importer	Fixing	VCID-m7up-51vh-w7gw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:48:50.125008+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:19:42.210526+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:05:45.597136+00:00	Debian Oval Importer	Affected by	VCID-4nqr-cqub-zkgk	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:46:21.358386+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0