Search for packages
| purl | pkg:deb/ubuntu/file@5.11-2ubuntu4.1 |
| Next non-vulnerable version | 1:5.37-5ubuntu0.1 |
| Latest non-vulnerable version | 1:5.37-5ubuntu0.1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3612-mxuh-aaah
Aliases: CVE-2019-8905 |
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
Affected by 1 other vulnerability. |
|
VCID-59fn-ybff-aaan
Aliases: CVE-2014-3487 |
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
Affected by 14 other vulnerabilities. |
|
VCID-6s6r-52vh-aaag
Aliases: CVE-2014-3538 |
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. |
Affected by 14 other vulnerabilities. |
|
VCID-9f2v-fyxs-aaap
Aliases: CVE-2014-9621 |
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. |
Affected by 7 other vulnerabilities. |
|
VCID-9rh2-2cx7-aaaa
Aliases: CVE-2014-3478 |
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. |
Affected by 14 other vulnerabilities. |
|
VCID-cavj-1gux-aaab
Aliases: CVE-2014-9652 |
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. |
Affected by 9 other vulnerabilities. |
|
VCID-d856-9dkk-aaaj
Aliases: CVE-2019-8906 |
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
Affected by 1 other vulnerability. |
|
VCID-ddnb-6axg-aaap
Aliases: CVE-2014-3480 |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
Affected by 14 other vulnerabilities. |
|
VCID-gmc9-mppa-aaas
Aliases: CVE-2019-8907 |
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. |
Affected by 1 other vulnerability. |
|
VCID-h3zh-a6uj-aaab
Aliases: CVE-2014-8116 |
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. |
Affected by 9 other vulnerabilities. |
|
VCID-hadq-pjas-aaap
Aliases: CVE-2019-18218 |
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). |
Affected by 0 other vulnerabilities. |
|
VCID-j8qb-f87m-aaaf
Aliases: CVE-2013-7345 |
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. |
Affected by 14 other vulnerabilities. |
|
VCID-ks9b-8sm9-aaaa
Aliases: CVE-2014-3710 |
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
Affected by 9 other vulnerabilities. |
|
VCID-ktej-rr7k-aaag
Aliases: CVE-2018-10360 |
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
Affected by 6 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-mxvs-xu78-aaab
Aliases: CVE-2014-3479 |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. |
Affected by 14 other vulnerabilities. |
|
VCID-pmr1-6a2w-aaag
Aliases: CVE-2014-0207 |
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. |
Affected by 14 other vulnerabilities. |
|
VCID-s7bp-2h8v-aaah
Aliases: CVE-2014-3587 |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. |
Affected by 13 other vulnerabilities. |
|
VCID-t687-wt36-aaak
Aliases: CVE-2014-8117 |
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
Affected by 9 other vulnerabilities. |
|
VCID-wkwn-96md-aaag
Aliases: CVE-2014-9653 |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. |
Affected by 5 other vulnerabilities. |
|
VCID-y4k2-4v7u-aaas
Aliases: CVE-2014-9620 |
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. |
Affected by 6 other vulnerabilities. |
|
VCID-yzk2-j6nx-aaaq
Aliases: CVE-2015-8865 |
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. |
Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|