Search for packages
| purl | pkg:deb/debian/file@1:5.35-4%2Bdeb10u2 |
| Next non-vulnerable version | 1:5.39-3+deb11u1 |
| Latest non-vulnerable version | 1:5.39-3+deb11u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bn7s-3hv6-aaae
Aliases: CVE-2022-48554 |
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. |
Affected by 0 other vulnerabilities. |
|
VCID-hadq-pjas-aaap
Aliases: CVE-2019-18218 |
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-116g-ngkf-aaak | An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). |
CVE-2017-1000249
|
| VCID-3612-mxuh-aaah | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
CVE-2019-8905
|
| VCID-4d93-8eka-aaaj | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. |
CVE-2019-8904
|
| VCID-d856-9dkk-aaaj | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
CVE-2019-8906
|
| VCID-gmc9-mppa-aaas | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. |
CVE-2019-8907
|
| VCID-hadq-pjas-aaap | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). |
CVE-2019-18218
|
| VCID-ktej-rr7k-aaag | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
CVE-2018-10360
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T03:12:45.850704+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 36.1.3 |
| 2025-06-21T23:36:22.622720+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 36.1.3 |
| 2025-06-21T19:04:33.836271+00:00 | Debian Oval Importer | Affected by | VCID-bn7s-3hv6-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:59:11.158298+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:06:55.685853+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T14:50:02.456218+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:32:32.282073+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 36.1.3 |
| 2025-06-21T14:18:57.599675+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:45:38.390850+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:36:40.583456+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:33:14.324813+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:03:26.562359+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:19:00.719995+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T03:16:07.279405+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | None | 36.1.3 |
| 2025-06-21T00:58:24.612731+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | None | 36.1.3 |
| 2025-06-21T00:27:29.734381+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | None | 36.1.3 |
| 2025-06-20T23:38:35.789499+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | None | 36.1.3 |
| 2025-06-20T23:10:28.051397+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | None | 36.1.3 |
| 2025-06-20T23:03:58.163105+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | None | 36.1.3 |
| 2025-06-20T22:43:45.388848+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | None | 36.1.3 |
| 2025-06-20T21:38:39.181702+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | None | 36.1.3 |
| 2025-06-08T11:33:44.498460+00:00 | Debian Oval Importer | Affected by | VCID-bn7s-3hv6-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:28:32.122054+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:38:30.003097+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T07:43:23.612552+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:12:04.693982+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:39:49.082539+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:30:51.489394+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:27:17.443286+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:58:20.871109+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:42:57.617567+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T20:49:07.831531+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | None | 36.1.0 |
| 2025-06-07T18:20:48.863002+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | None | 36.1.0 |
| 2025-06-07T17:50:12.991140+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | None | 36.1.0 |
| 2025-06-07T17:01:31.826839+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | None | 36.1.0 |
| 2025-06-07T16:33:35.847149+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | None | 36.1.0 |
| 2025-06-07T16:27:12.972149+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | None | 36.1.0 |
| 2025-06-07T16:07:40.068424+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | None | 36.1.0 |
| 2025-06-07T15:01:24.436368+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | None | 36.1.0 |
| 2025-04-12T22:17:43.633150+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:42:54.359451+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:51:37.385424+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:48:42.834727+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:44:15.455236+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:18:10.981954+00:00 | Debian Oval Importer | Affected by | VCID-bn7s-3hv6-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:12:45.707599+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:20:06.193736+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:15:53.344299+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:44:37.134259+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:12:14.551970+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:03:07.479780+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:59:35.271187+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:30:13.886585+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:13:59.564814+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T19:19:34.043502+00:00 | Debian Oval Importer | Affected by | VCID-hadq-pjas-aaap | None | 36.0.0 |
| 2025-04-07T16:58:24.677433+00:00 | Debian Oval Importer | Fixing | VCID-116g-ngkf-aaak | None | 36.0.0 |
| 2025-04-07T16:26:48.970740+00:00 | Debian Oval Importer | Fixing | VCID-d856-9dkk-aaaj | None | 36.0.0 |
| 2025-04-07T15:34:46.191053+00:00 | Debian Oval Importer | Fixing | VCID-gmc9-mppa-aaas | None | 36.0.0 |
| 2025-04-07T15:05:41.800487+00:00 | Debian Oval Importer | Fixing | VCID-ktej-rr7k-aaag | None | 36.0.0 |
| 2025-04-07T14:59:03.150657+00:00 | Debian Oval Importer | Fixing | VCID-hadq-pjas-aaap | None | 36.0.0 |
| 2025-04-07T14:38:56.399030+00:00 | Debian Oval Importer | Fixing | VCID-4d93-8eka-aaaj | None | 36.0.0 |
| 2025-04-07T13:33:17.418322+00:00 | Debian Oval Importer | Fixing | VCID-3612-mxuh-aaah | None | 36.0.0 |
| 2025-04-05T21:32:10.027484+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 36.0.0 |
| 2025-04-05T19:07:01.065348+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 36.0.0 |
| 2025-04-05T11:04:36.451673+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 36.0.0 |
| 2025-02-21T05:20:36.817986+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 35.1.0 |
| 2025-02-19T10:50:18.933169+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 35.1.0 |
| 2025-02-19T10:50:17.034557+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 35.1.0 |
| 2024-11-23T19:23:40.433375+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 35.0.0 |
| 2024-10-10T17:22:38.380122+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 34.0.2 |
| 2024-09-19T22:50:59.333381+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 34.0.1 |
| 2024-04-25T22:13:10.355180+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 34.0.0rc4 |
| 2024-04-24T16:38:06.238094+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 34.0.0rc4 |
| 2024-04-24T16:38:04.524749+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 34.0.0rc4 |
| 2024-01-12T08:11:45.722178+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 34.0.0rc2 |
| 2024-01-10T18:39:36.524899+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 34.0.0rc2 |
| 2024-01-10T18:39:34.826887+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 34.0.0rc2 |
| 2024-01-05T06:04:18.229796+00:00 | Debian Importer | Affected by | VCID-bn7s-3hv6-aaae | None | 34.0.0rc1 |
| 2024-01-04T08:09:36.104776+00:00 | Debian Importer | Fixing | VCID-gmc9-mppa-aaas | None | 34.0.0rc1 |
| 2024-01-04T08:09:34.551211+00:00 | Debian Importer | Fixing | VCID-3612-mxuh-aaah | None | 34.0.0rc1 |