VYPR

File

by File Project

CVEs (44)

  • CVE-2024-8058 | High | Dec 16, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

  • CVE-2014-0236 | High | May 16, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

  • CVE-2025-6249 | Medium | Jul 17, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    An authentication bypass vulnerability was reported in the FileZ client application that could allow a local attacker with elevated permissions to access application data.

  • CVE-2015-8865 | High | May 20, 2016
    risk 0.41 | cvss 7.3 | epss 0.05

    The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer…

  • CVE-2014-0207 | Medium | Jul 9, 2014
    risk 0.37 | cvss 6.5 | epss 0.17

    The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

  • CVE-2017-1000249 | Medium | Sep 11, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue in file() introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793…

  • CVE-2014-3480 | Medium | Jul 9, 2014
    risk 0.36 | cvss 6.5 | epss 0.11

    The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted…

  • CVE-2014-3478 | Medium | Jul 9, 2014
    risk 0.36 | cvss 6.5 | epss 0.15

    Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING…

  • CVE-2012-1571 | Medium | Jul 17, 2012
    risk 0.36 | cvss 6.5 | epss 0.04

    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

  • CVE-2025-2070 | Medium | Apr 25, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user.

  • CVE-2025-2069 | Medium | Apr 25, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user.

  • CVE-2025-2068 | Medium | Apr 25, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user.

  • CVE-2007-1536 | Mar 20, 2007
    risk 0.04 | cvss n/a | epss 0.12

    Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

  • CVE-2004-1304 | Jan 10, 2005
    risk 0.04 | cvss n/a | epss 0.11

    Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

  • CVE-2003-1092 | Dec 31, 2003
    risk 0.03 | cvss n/a | epss 0.04

    Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.

  • CVE-2003-0102 | Mar 18, 2003
    risk 0.03 | cvss n/a | epss 0.02

    Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

  • CVE-2022-48554 | Aug 22, 2023
    risk 0.00 | cvss n/a | epss 0.01

    File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

  • CVE-2020-23040 | Oct 22, 2021
    risk 0.00 | cvss n/a | epss 0.02

    Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.

  • CVE-2020-36488 | Oct 22, 2021
    risk 0.00 | cvss n/a | epss 0.01

    An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.

  • CVE-2009-0948 | Jun 2, 2021
    risk 0.00 | cvss n/a | epss 0.01

    Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat functions in file before 5.02.

Page 1 of 3