VYPR

rpm package

opensuse/file&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/file&distro=openSUSE%20Tumbleweed

Vulnerabilities (11)

  • CVE-2019-18218 | Oct 21, 2019
    affected < 5.40-1.14 | fixed 5.40-1.14

    cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

  • CVE-2019-8907 | Feb 18, 2019
    affected < 5.40-1.14 | fixed 5.40-1.14

    do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

  • CVE-2019-8904 | Feb 18, 2019
    affected < 5.40-1.14 | fixed 5.40-1.14

    do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

  • CVE-2018-10360 | Med | Jun 11, 2018
    affected < 5.40-1.14 | fixed 5.40-1.14

    The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

  • CVE-2017-1000249 | Med | Sep 11, 2017
    affected < 5.40-1.14 | fixed 5.40-1.14

    An issue in file() that was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Au

  • CVE-2014-8117 | Dec 17, 2014
    affected < 5.29-2.1 | fixed 5.29-2.1

    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

  • CVE-2014-8116 | Dec 17, 2014
    affected < 5.29-2.1 | fixed 5.29-2.1

    The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

  • CVE-2014-3710 | Nov 5, 2014
    affected < 5.29-2.1 | fixed 5.29-2.1

    The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted EL

  • CVE-2012-1571 | Med | Jul 17, 2012
    affected < 5.29-2.1 | fixed 5.29-2.1

    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

  • CVE-2007-2799 | May 23, 2007
    affected < 5.40-1.14 | fixed 5.40-1.14

    Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this iss

  • CVE-2007-1536 | Mar 20, 2007
    affected < 5.40-1.14 | fixed 5.40-1.14

    Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.