VulnerableCode Package Details - pkg:deb/debian/file@1:5.22%2B15-2%2Bdeb8u4

Search for packages

Package details: pkg:deb/debian/file@1:5.22%2B15-2%2Bdeb8u4

Essentials
History (12)

purl	pkg:deb/debian/file@1:5.22%2B15-2%2Bdeb8u4

Next non-vulnerable version	1:5.39-3+deb11u1
Latest non-vulnerable version	1:5.39-3+deb11u1
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-15v8-18kg-g7ef Aliases: CVE-2019-18218	cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).	1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.39-3+deb11u1 Affected by 0 other vulnerabilities.
VCID-1v2r-6smw-gqf3 Aliases: CVE-2019-8906	do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4nqr-cqub-zkgk Aliases: CVE-2017-1000249		1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a928-66pg-jud1 Aliases: CVE-2019-8907	do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cx5s-cbdg-e7bj Aliases: CVE-2019-8904	do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-me9c-np98-cudr Aliases: CVE-2015-8865		1:5.30-1+deb9u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qc5e-hdy3-bqd8 Aliases: CVE-2018-10360	The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r7xb-894d-1ba1 Aliases: CVE-2019-8905	do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.	1:5.35-4+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xxwz-bq34-p3b1 Aliases: CVE-2022-48554	File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.	1:5.39-3+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:12:24.034013+00:00	Debian Oval Importer	Affected by	VCID-me9c-np98-cudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:46:16.119903+00:00	Debian Oval Importer	Affected by	VCID-qc5e-hdy3-bqd8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:59:40.649256+00:00	Debian Oval Importer	Affected by	VCID-1v2r-6smw-gqf3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:32:00.884398+00:00	Debian Oval Importer	Affected by	VCID-a928-66pg-jud1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:28:11.985044+00:00	Debian Oval Importer	Affected by	VCID-4nqr-cqub-zkgk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:21:55.818910+00:00	Debian Oval Importer	Affected by	VCID-cx5s-cbdg-e7bj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:06:52.183315+00:00	Debian Oval Importer	Affected by	VCID-xxwz-bq34-p3b1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:59:09.373137+00:00	Debian Oval Importer	Affected by	VCID-r7xb-894d-1ba1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:48:50.133816+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:19:42.218781+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:05:45.606774+00:00	Debian Oval Importer	Affected by	VCID-4nqr-cqub-zkgk	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:46:21.370656+00:00	Debian Oval Importer	Affected by	VCID-15v8-18kg-g7ef	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0