Search for packages
Package details: pkg:deb/debian/file@1:5.22%2B15-2%2Bdeb8u4
purl pkg:deb/debian/file@1:5.22%2B15-2%2Bdeb8u4
Next non-vulnerable version 1:5.39-3+deb11u1
Latest non-vulnerable version 1:5.39-3+deb11u1
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-116g-ngkf-aaak
Aliases:
CVE-2017-1000249
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-3612-mxuh-aaah
Aliases:
CVE-2019-8905
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-4d93-8eka-aaaj
Aliases:
CVE-2019-8904
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-bn7s-3hv6-aaae
Aliases:
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-d856-9dkk-aaaj
Aliases:
CVE-2019-8906
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-gmc9-mppa-aaas
Aliases:
CVE-2019-8907
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-hadq-pjas-aaap
Aliases:
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-ktej-rr7k-aaag
Aliases:
CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-yzk2-j6nx-aaaq
Aliases:
CVE-2015-8865
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:04:33.831724+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:59:11.153880+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:06:55.682151+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T14:50:02.452301+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:18:57.595173+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:45:38.386756+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:36:40.578147+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:14.320067+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:29:18.795334+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:03:26.557614+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:19:00.715026+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:00:06.523898+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:28:22.327295+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T01:18:38.242663+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.1.3
2025-06-21T00:27:29.729770+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.3
2025-06-20T23:38:35.785037+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.3
2025-06-20T23:10:28.046785+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.3
2025-06-20T22:43:45.384181+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.3
2025-06-20T21:38:39.176657+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.3
2025-06-20T20:04:04.585192+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.3
2025-06-20T19:55:50.662038+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.3
2025-06-08T11:33:44.494844+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:28:32.118372+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:38:30.000029+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T07:43:23.608875+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:12:04.690924+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:39:49.078880+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:30:51.486240+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:27:17.430730+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:23:19.490346+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:58:20.868001+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:42:57.614100+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:32:19.339348+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:13:03.622504+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:41:23.142189+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.1.0
2025-06-07T17:50:12.988166+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.0
2025-06-07T17:01:31.823599+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.0
2025-06-07T16:33:35.844089+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.0
2025-06-07T16:07:40.065349+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.0
2025-06-07T15:01:24.432051+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.0
2025-06-07T13:51:36.193841+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.0
2025-06-07T13:46:05.861668+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.0
2025-04-12T22:36:24.527954+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:17:43.623137+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:42:54.348272+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:51:37.375354+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:48:42.824785+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:44:15.444726+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:18:10.971204+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:12:45.697638+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:20:06.184105+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:15:53.333850+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:44:37.124358+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:12:14.541951+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:03:07.469839+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:59:35.260655+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:55:36.692519+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:30:13.876818+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:13:59.555064+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:02:44.683158+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:42:10.546263+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T17:19:11.574648+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.0.0
2025-04-07T16:26:48.959254+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.0.0
2025-04-07T15:34:46.181197+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.0.0
2025-04-07T15:05:41.789588+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.0.0
2025-04-07T14:38:56.388127+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.0.0
2025-04-07T13:33:17.408373+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.0.0
2025-04-07T12:26:31.265976+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.0.0
2025-04-07T12:21:17.432646+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.0.0