Search for packages
Package details: pkg:deb/ubuntu/file@1:5.25-2ubuntu1.4
purl pkg:deb/ubuntu/file@1:5.25-2ubuntu1.4
Next non-vulnerable version 1:5.37-5ubuntu0.1
Latest non-vulnerable version 1:5.37-5ubuntu0.1
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3612-mxuh-aaah
Aliases:
CVE-2019-8905
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
1:5.32-2ubuntu0.2
Affected by 1 other vulnerability.
VCID-d856-9dkk-aaaj
Aliases:
CVE-2019-8906
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
1:5.32-2ubuntu0.2
Affected by 1 other vulnerability.
VCID-gmc9-mppa-aaas
Aliases:
CVE-2019-8907
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
1:5.32-2ubuntu0.2
Affected by 1 other vulnerability.
VCID-hadq-pjas-aaap
Aliases:
CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
1:5.37-5ubuntu0.1
Affected by 0 other vulnerabilities.
VCID-ktej-rr7k-aaag
Aliases:
CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
1:5.32-2ubuntu0.1
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version