Search for packages
Package details: pkg:deb/debian/file@1:5.30-1%2Bdeb9u3
purl pkg:deb/debian/file@1:5.30-1%2Bdeb9u3
Next non-vulnerable version 1:5.39-3+deb11u1
Latest non-vulnerable version 1:5.39-3+deb11u1
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-116g-ngkf-aaak
Aliases:
CVE-2017-1000249
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-3612-mxuh-aaah
Aliases:
CVE-2019-8905
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-4d93-8eka-aaaj
Aliases:
CVE-2019-8904
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-bn7s-3hv6-aaae
Aliases:
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-d856-9dkk-aaaj
Aliases:
CVE-2019-8906
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-gmc9-mppa-aaas
Aliases:
CVE-2019-8907
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
VCID-hadq-pjas-aaap
Aliases:
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
1:5.39-3+deb11u1
Affected by 0 other vulnerabilities.
VCID-ktej-rr7k-aaag
Aliases:
CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
1:5.35-4+deb10u2
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-116g-ngkf-aaak An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). CVE-2017-1000249
VCID-hadq-pjas-aaap cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). CVE-2019-18218
VCID-yzk2-j6nx-aaaq The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. CVE-2015-8865

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T23:36:22.620392+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 36.1.3
2025-06-21T19:04:33.833995+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:59:11.156193+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:06:55.684023+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T14:50:02.454254+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:32:32.279404+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 36.1.3
2025-06-21T14:18:57.597430+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:45:38.388814+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:36:40.580674+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:14.322486+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:29:18.797320+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:03:26.560238+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:19:00.717518+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:00:06.526297+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:28:22.329794+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T01:18:38.244875+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq None 36.1.3
2025-06-21T00:58:24.610653+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.3
2025-06-21T00:27:29.732063+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.3
2025-06-20T23:38:35.787281+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.3
2025-06-20T23:10:28.049076+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.3
2025-06-20T23:03:58.160886+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.3
2025-06-20T22:43:45.386502+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.3
2025-06-20T21:38:39.179216+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.3
2025-06-20T20:04:04.586840+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak None 36.1.3
2025-06-20T19:55:50.664010+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap None 36.1.3
2025-06-08T11:33:44.496657+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:28:32.120185+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:38:30.001552+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T07:43:23.610697+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:12:04.692436+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:39:49.080706+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:30:51.487811+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:27:17.432561+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:23:19.491891+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:58:20.869569+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:42:57.615599+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:32:19.341109+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:13:03.624872+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:41:23.144555+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq None 36.1.0
2025-06-07T18:20:48.861325+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.1.0
2025-06-07T17:50:12.989657+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.1.0
2025-06-07T17:01:31.825106+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.1.0
2025-06-07T16:33:35.845613+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.1.0
2025-06-07T16:27:12.969513+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.1.0
2025-06-07T16:07:40.066892+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.1.0
2025-06-07T15:01:24.433894+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.1.0
2025-06-07T13:51:36.195345+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak None 36.1.0
2025-06-07T13:46:05.863936+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap None 36.1.0
2025-04-12T22:36:24.532878+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:17:43.628173+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:42:54.354233+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:51:37.380425+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:48:42.829775+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:44:15.449878+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:18:10.976984+00:00 Debian Oval Importer Affected by VCID-bn7s-3hv6-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:12:45.702634+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:20:06.188896+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:15:53.339202+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:44:37.129396+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:12:14.546925+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:03:07.474761+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:59:35.265835+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:55:36.697595+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:30:13.881697+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:13:59.559967+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:02:44.688162+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:42:10.551416+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T17:19:11.579960+00:00 Debian Oval Importer Fixing VCID-yzk2-j6nx-aaaq None 36.0.0
2025-04-07T16:58:24.672042+00:00 Debian Oval Importer Affected by VCID-116g-ngkf-aaak None 36.0.0
2025-04-07T16:26:48.964975+00:00 Debian Oval Importer Affected by VCID-d856-9dkk-aaaj None 36.0.0
2025-04-07T15:34:46.186052+00:00 Debian Oval Importer Affected by VCID-gmc9-mppa-aaas None 36.0.0
2025-04-07T15:05:41.795052+00:00 Debian Oval Importer Affected by VCID-ktej-rr7k-aaag None 36.0.0
2025-04-07T14:59:03.145043+00:00 Debian Oval Importer Affected by VCID-hadq-pjas-aaap None 36.0.0
2025-04-07T14:38:56.393425+00:00 Debian Oval Importer Affected by VCID-4d93-8eka-aaaj None 36.0.0
2025-04-07T13:33:17.413473+00:00 Debian Oval Importer Affected by VCID-3612-mxuh-aaah None 36.0.0
2025-04-07T12:26:31.271340+00:00 Debian Oval Importer Fixing VCID-116g-ngkf-aaak None 36.0.0
2025-04-07T12:21:17.438102+00:00 Debian Oval Importer Fixing VCID-hadq-pjas-aaap None 36.0.0
2025-04-05T19:07:01.060914+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 36.0.0
2025-04-05T11:04:36.447276+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 36.0.0
2025-02-19T10:50:18.927983+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 35.1.0
2025-02-19T10:50:17.029083+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 35.1.0
2024-04-24T16:38:06.233030+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 34.0.0rc4
2024-04-24T16:38:04.519915+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 34.0.0rc4
2024-01-10T18:39:36.520853+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 34.0.0rc2
2024-01-10T18:39:34.822151+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 34.0.0rc2
2024-01-04T08:09:36.100657+00:00 Debian Importer Affected by VCID-gmc9-mppa-aaas None 34.0.0rc1
2024-01-04T08:09:34.546518+00:00 Debian Importer Affected by VCID-3612-mxuh-aaah None 34.0.0rc1