Package details: pkg:deb/ubuntu/file@1:5.32-2ubuntu0.2
purl pkg:deb/ubuntu/file@1:5.32-2ubuntu0.2
Next non-vulnerable version 1:5.37-5ubuntu0.1
Latest non-vulnerable version 1:5.37-5ubuntu0.1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-hadq-pjas-aaap
Aliases: CVE-2019-18218
Summary: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
Fixed by: 1:5.37-5ubuntu0.1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (3)
Vulnerability: VCID-3612-mxuh-aaah
Aliases: CVE-2019-8905
Summary: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

Vulnerability: VCID-d856-9dkk-aaaj
Aliases: CVE-2019-8906
Summary: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

Vulnerability: VCID-gmc9-mppa-aaas
Aliases: CVE-2019-8907
Summary: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
