Search for packages
Package details: pkg:deb/debian/file@1:5.22%2B15-2
purl pkg:deb/debian/file@1:5.22%2B15-2
Next non-vulnerable version 1:5.39-3+deb11u1
Latest non-vulnerable version 1:5.39-3+deb11u1
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-116g-ngkf-aaak
Aliases:
CVE-2017-1000249
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-3612-mxuh-aaah
Aliases:
CVE-2019-8905
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-4d93-8eka-aaaj
Aliases:
CVE-2019-8904
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-bn7s-3hv6-aaae
Aliases:
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-d856-9dkk-aaaj
Aliases:
CVE-2019-8906
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-gmc9-mppa-aaas
Aliases:
CVE-2019-8907
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-hadq-pjas-aaap
Aliases:
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-ktej-rr7k-aaag
Aliases:
CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-yzk2-j6nx-aaaq
Aliases:
CVE-2015-8865
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
1:5.30-1+deb9u3
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:04:33.829551+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:59:11.151200+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:06:55.679859+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T14:50:02.450361+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:18:57.592950+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:45:38.384716+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:36:40.575511+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:14.317886+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:29:18.793379+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:03:26.555054+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:19:00.712615+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:00:06.521578+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:28:22.324184+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T01:18:38.240535+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.1.3
2025-06-21T00:27:29.727532+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.3
2025-06-20T23:38:35.782842+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.3
2025-06-20T23:10:28.044526+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.3
2025-06-20T22:43:45.381958+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.3
2025-06-20T21:38:39.174552+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.3
2025-06-20T20:04:04.583574+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.3
2025-06-20T19:55:50.659660+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.3
2025-06-08T11:33:44.493055+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:28:32.116500+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:38:29.998515+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T07:43:23.607113+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:12:04.689447+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:39:49.077069+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:30:51.484691+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:27:17.428910+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:23:19.488858+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:58:20.866456+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:42:57.612621+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:32:19.337665+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:13:03.620473+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:41:23.140396+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.1.0
2025-06-07T17:50:12.986663+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.0
2025-06-07T17:01:31.822101+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.0
2025-06-07T16:33:35.842574+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.0
2025-06-07T16:07:40.063836+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.0
2025-06-07T15:01:24.430225+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.0
2025-06-07T13:51:36.192366+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.0
2025-06-07T13:46:05.860147+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.0
2025-04-12T22:36:24.523060+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:17:43.618115+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:42:54.342219+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:51:37.370275+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:48:42.819763+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:44:15.439932+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:18:10.965358+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:12:45.692553+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:20:06.179237+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:15:53.328719+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:44:37.119302+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:12:14.536948+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:03:07.464754+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:59:35.255802+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:55:36.687528+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:30:13.872075+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:13:59.550206+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:02:44.678283+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:42:10.541503+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T17:19:11.569255+00:00 Debian Oval Importer Affected by VCID-yzk2-j6nx-aaaq None 36.0.0
2025-04-07T16:26:48.953559+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.0.0
2025-04-07T15:34:46.175928+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.0.0
2025-04-07T15:05:41.784220+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.0.0
2025-04-07T14:38:56.382889+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.0.0
2025-04-07T13:33:17.402856+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.0.0
2025-04-07T12:26:31.260623+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.0.0
2025-04-07T12:21:17.425970+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.0.0