VulnerableCode Package Details - pkg:deb/ubuntu/file@1:5.14-2ubuntu3.4

Search for packages

Package details: pkg:deb/ubuntu/file@1:5.14-2ubuntu3.4

Essentials
History (0)

purl	pkg:deb/ubuntu/file@1:5.14-2ubuntu3.4

Next non-vulnerable version	1:5.37-5ubuntu0.1
Latest non-vulnerable version	1:5.37-5ubuntu0.1
Risk	4.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-3612-mxuh-aaah Aliases: CVE-2019-8905	do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.	1:5.32-2ubuntu0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9f2v-fyxs-aaap Aliases: CVE-2014-9621	The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.	1:5.22+15-2ubuntu1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d856-9dkk-aaaj Aliases: CVE-2019-8906	do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.	1:5.32-2ubuntu0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gmc9-mppa-aaas Aliases: CVE-2019-8907	do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.	1:5.32-2ubuntu0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hadq-pjas-aaap Aliases: CVE-2019-18218	cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).	1:5.37-5ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-wkwn-96md-aaag Aliases: CVE-2014-9653	readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.	1:5.25-2ubuntu1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-ktej-rr7k-aaag	The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.	CVE-2018-10360
VCID-y4k2-4v7u-aaas	The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.	CVE-2014-9620
VCID-yzk2-j6nx-aaaq	The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.	CVE-2015-8865

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version