Package details: pkg:deb/debian/file@1:5.35-4%2Bdeb10u2
purl pkg:deb/debian/file@1:5.35-4%2Bdeb10u2
Next non-vulnerable version 1:5.39-3+deb11u1
Latest non-vulnerable version 1:5.39-3+deb11u1
Risk 4.0
Vulnerabilities affecting this package (2)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-15v8-18kg-g7ef (Aliases: CVE-2019-18218) | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | 1:5.39-3+deb11u1 (Affected by 0 other vulnerabilities.) |
| VCID-xxwz-bq34-p3b1 (Aliases: CVE-2022-48554) | File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | 1:5.39-3+deb11u1 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (7)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-15v8-18kg-g7ef | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | CVE-2019-18218 |
| VCID-1v2r-6smw-gqf3 | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | CVE-2019-8906 |
| VCID-4nqr-cqub-zkgk | | CVE-2017-1000249 |
| VCID-a928-66pg-jud1 | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | CVE-2019-8907 |
| VCID-cx5s-cbdg-e7bj | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | CVE-2019-8904 |
| VCID-qc5e-hdy3-bqd8 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | CVE-2018-10360 |
| VCID-r7xb-894d-1ba1 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | CVE-2019-8905 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-08-01T19:46:16.129700+00:00 | Debian Oval Importer | Fixing | VCID-qc5e-hdy3-bqd8 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T18:59:40.658545+00:00 | Debian Oval Importer | Fixing | VCID-1v2r-6smw-gqf3 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:32:00.893437+00:00 | Debian Oval Importer | Fixing | VCID-a928-66pg-jud1 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:28:11.993995+00:00 | Debian Oval Importer | Fixing | VCID-4nqr-cqub-zkgk | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:21:55.828295+00:00 | Debian Oval Importer | Fixing | VCID-cx5s-cbdg-e7bj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:06:52.193321+00:00 | Debian Oval Importer | Affected by | VCID-xxwz-bq34-p3b1 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T12:59:09.382323+00:00 | Debian Oval Importer | Fixing | VCID-r7xb-894d-1ba1 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T11:48:50.143307+00:00 | Debian Oval Importer | Affected by | VCID-15v8-18kg-g7ef | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T11:19:42.229137+00:00 | Debian Oval Importer | Fixing | VCID-15v8-18kg-g7ef | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 37.0.0 |