File
by File Project
Source repositories
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8058 | Hig | 0.49 | 7.6 | 0.00 | Dec 16, 2024 | An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. | ||
| CVE-2014-0236 | Hig | 0.49 | 7.5 | 0.03 | May 16, 2016 | file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c. | ||
| CVE-2025-6249 | Med | 0.44 | 6.7 | 0.00 | Jul 17, 2025 | An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data. | ||
| CVE-2015-8865 | Hig | 0.41 | 7.3 | 0.05 | May 20, 2016 | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer… | ||
| CVE-2014-0207 | Med | 0.37 | 6.5 | 0.17 | Jul 9, 2014 | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | ||
| CVE-2017-1000249 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2017 | An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793… | ||
| CVE-2014-3480 | Med | 0.36 | 6.5 | 0.11 | Jul 9, 2014 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted… | ||
| CVE-2014-3478 | Med | 0.36 | 6.5 | 0.15 | Jul 9, 2014 | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING… | ||
| CVE-2012-1571 | Med | 0.36 | 6.5 | 0.04 | Jul 17, 2012 | file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | ||
| CVE-2025-2070 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. | ||
| CVE-2025-2069 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user. | ||
| CVE-2025-2068 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. | ||
| CVE-2007-1536 | 0.04 | — | 0.12 | Mar 20, 2007 | Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. | |||
| CVE-2004-1304 | 0.04 | — | 0.11 | Jan 10, 2005 | Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. | |||
| CVE-2003-1092 | 0.03 | — | 0.04 | Dec 31, 2003 | Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. | |||
| CVE-2003-0102 | 0.03 | — | 0.02 | Mar 18, 2003 | Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). | |||
| CVE-2022-48554 | 0.00 | — | 0.01 | Aug 22, 2023 | File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | |||
| CVE-2020-23040 | 0.00 | — | 0.02 | Oct 22, 2021 | Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | |||
| CVE-2020-36488 | 0.00 | — | 0.01 | Oct 22, 2021 | An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | |||
| CVE-2009-0948 | 0.00 | — | 0.01 | Jun 2, 2021 | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. |
- risk 0.49cvss 7.6epss 0.00
An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.
- risk 0.49cvss 7.5epss 0.03
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
- risk 0.44cvss 6.7epss 0.00
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
- risk 0.41cvss 7.3epss 0.05
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer…
- risk 0.37cvss 6.5epss 0.17
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
- risk 0.36cvss 5.5epss 0.00
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793…
- risk 0.36cvss 6.5epss 0.11
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted…
- risk 0.36cvss 6.5epss 0.15
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING…
- risk 0.36cvss 6.5epss 0.04
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
- risk 0.33cvss 5.0epss 0.00
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.
- risk 0.33cvss 5.0epss 0.00
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user.
- risk 0.33cvss 5.0epss 0.00
An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user.
- CVE-2007-1536Mar 20, 2007risk 0.04cvss —epss 0.12
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
- CVE-2004-1304Jan 10, 2005risk 0.04cvss —epss 0.11
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
- CVE-2003-1092Dec 31, 2003risk 0.03cvss —epss 0.04
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
- CVE-2003-0102Mar 18, 2003risk 0.03cvss —epss 0.02
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
- CVE-2022-48554Aug 22, 2023risk 0.00cvss —epss 0.01
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
- CVE-2020-23040Oct 22, 2021risk 0.00cvss —epss 0.02
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
- CVE-2020-36488Oct 22, 2021risk 0.00cvss —epss 0.01
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.
- CVE-2009-0948Jun 2, 2021risk 0.00cvss —epss 0.01
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
Page 1 of 3