VYPR

File

by File Project

CVEs (44)

  • CVE-2009-0947 | Jun 2, 2021
    risk 0.00 | cvss | epss 0.01

    Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.

  • CVE-2019-18218 | Oct 21, 2019
    risk 0.00 | cvss | epss 0.02

    cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

  • CVE-2019-8906 | Feb 18, 2019
    risk 0.00 | cvss | epss 0.00

    do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

  • CVE-2019-8907 | Feb 18, 2019
    risk 0.00 | cvss | epss 0.03

    do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

  • CVE-2019-8904 | Feb 18, 2019
    risk 0.00 | cvss | epss 0.02

    do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

  • CVE-2018-10360 | Med | Jun 11, 2018
    risk 0.00 | cvss 6.5 | epss 0.03

    The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

  • CVE-2014-9653 | Mar 30, 2015
    risk 0.00 | cvss | epss 0.05

    readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service…

  • CVE-2014-9652 | Mar 30, 2015
    risk 0.00 | cvss | epss 0.05

    The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which…

  • CVE-2014-9621 | Jan 21, 2015
    risk 0.00 | cvss | epss 0.03

    The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.

  • CVE-2014-9620 | Jan 21, 2015
    risk 0.00 | cvss | epss 0.05

    The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

  • CVE-2014-8117 | Dec 17, 2014
    risk 0.00 | cvss | epss 0.06

    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

  • CVE-2014-8116 | Dec 17, 2014
    risk 0.00 | cvss | epss 0.04

    The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

  • CVE-2014-3710 | Nov 5, 2014
    risk 0.00 | cvss | epss 0.14

    The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…

  • CVE-2014-3587 | Aug 23, 2014
    risk 0.00 | cvss | epss 0.20

    Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this…

  • CVE-2014-3487 | Jul 9, 2014
    risk 0.00 | cvss | epss 0.15

    The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF…

  • CVE-2014-3479 | Jul 9, 2014
    risk 0.00 | cvss | epss 0.15

    The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted…

  • CVE-2014-3538 | Jul 3, 2014
    risk 0.00 | cvss | epss 0.12

    file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability…

  • CVE-2013-7345 | Mar 24, 2014
    risk 0.00 | cvss | epss 0.03

    The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers…

  • CVE-2014-2270 | Mar 14, 2014
    risk 0.00 | cvss | epss 0.04

    softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

  • CVE-2009-3930 | Nov 10, 2009
    risk 0.00 | cvss | epss 0.02

    Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.