File
by File Project
Source repositories
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0947 | 0.00 | — | 0.01 | Jun 2, 2021 | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. | |||
| CVE-2019-18218 | 0.00 | — | 0.02 | Oct 21, 2019 | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | |||
| CVE-2019-8906 | 0.00 | — | 0.00 | Feb 18, 2019 | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | |||
| CVE-2019-8907 | 0.00 | — | 0.03 | Feb 18, 2019 | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | |||
| CVE-2019-8904 | 0.00 | — | 0.02 | Feb 18, 2019 | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | |||
| CVE-2018-10360 | Med | 0.00 | 6.5 | 0.03 | Jun 11, 2018 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | ||
| CVE-2014-9653 | 0.00 | — | 0.05 | Mar 30, 2015 | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service… | |||
| CVE-2014-9652 | 0.00 | — | 0.05 | Mar 30, 2015 | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which… | |||
| CVE-2014-9621 | 0.00 | — | 0.03 | Jan 21, 2015 | The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. | |||
| CVE-2014-9620 | 0.00 | — | 0.05 | Jan 21, 2015 | The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. | |||
| CVE-2014-8117 | 0.00 | — | 0.06 | Dec 17, 2014 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | |||
| CVE-2014-8116 | 0.00 | — | 0.04 | Dec 17, 2014 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. | |||
| CVE-2014-3710 | 0.00 | — | 0.14 | Nov 5, 2014 | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted… | |||
| CVE-2014-3587 | 0.00 | — | 0.20 | Aug 23, 2014 | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this… | |||
| CVE-2014-3487 | 0.00 | — | 0.15 | Jul 9, 2014 | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF… | |||
| CVE-2014-3479 | 0.00 | — | 0.15 | Jul 9, 2014 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted… | |||
| CVE-2014-3538 | 0.00 | — | 0.12 | Jul 3, 2014 | file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability… | |||
| CVE-2013-7345 | 0.00 | — | 0.03 | Mar 24, 2014 | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers… | |||
| CVE-2014-2270 | 0.00 | — | 0.04 | Mar 14, 2014 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | |||
| CVE-2009-3930 | 0.00 | — | 0.02 | Nov 10, 2009 | Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. |
- CVE-2009-0947Jun 2, 2021risk 0.00cvss —epss 0.01
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
- CVE-2019-18218Oct 21, 2019risk 0.00cvss —epss 0.02
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
- CVE-2019-8906Feb 18, 2019risk 0.00cvss —epss 0.00
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
- CVE-2019-8907Feb 18, 2019risk 0.00cvss —epss 0.03
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
- CVE-2019-8904Feb 18, 2019risk 0.00cvss —epss 0.02
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
- risk 0.00cvss 6.5epss 0.03
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
- CVE-2014-9653Mar 30, 2015risk 0.00cvss —epss 0.05
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service…
- CVE-2014-9652Mar 30, 2015risk 0.00cvss —epss 0.05
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which…
- CVE-2014-9621Jan 21, 2015risk 0.00cvss —epss 0.03
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
- CVE-2014-9620Jan 21, 2015risk 0.00cvss —epss 0.05
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
- CVE-2014-8117Dec 17, 2014risk 0.00cvss —epss 0.06
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
- CVE-2014-8116Dec 17, 2014risk 0.00cvss —epss 0.04
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
- CVE-2014-3710Nov 5, 2014risk 0.00cvss —epss 0.14
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…
- CVE-2014-3587Aug 23, 2014risk 0.00cvss —epss 0.20
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this…
- CVE-2014-3487Jul 9, 2014risk 0.00cvss —epss 0.15
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF…
- CVE-2014-3479Jul 9, 2014risk 0.00cvss —epss 0.15
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted…
- CVE-2014-3538Jul 3, 2014risk 0.00cvss —epss 0.12
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability…
- CVE-2013-7345Mar 24, 2014risk 0.00cvss —epss 0.03
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers…
- CVE-2014-2270Mar 14, 2014risk 0.00cvss —epss 0.04
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
- CVE-2009-3930Nov 10, 2009risk 0.00cvss —epss 0.02
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
Page 2 of 3