23 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ https://lists.fedoraproject.org/archives/list/p • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 4%CPEs: 49EXPL: 0

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. readelf.c en file anterior a 5.22, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no considera que las llamadas a pread a veces leen solamente un subjuego de los datos disponibles, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria no inicializada) o posiblemente tener otro impacto a través de un fichero ELF manipulado. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory. • http://bugs.gw.com/view.php?id=409 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://mx.gw.com/pipermail/file/2014/001649.html http://openwall.com/lists/oss-security/2015/02/05/13 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.debian.org/security/2015/dsa-3196 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www&# • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 8%CPEs: 48EXPL: 0

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no maneja correctamente cierto campo de longitud de cadenas durante una copia de una versión trucada de una cadena Pascal, lo que podría permitir a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero manipulado. An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file. • http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 0

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. El analizador ELF en file 5.08 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de un número grande de notas. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. • http://advisories.mageia.org/MGASA-2015-0040.html http://mx.gw.com/pipermail/file/2014/001653.html http://mx.gw.com/pipermail/file/2015/001660.html http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.debian.org/security/2015/dsa-3121 http://www.openwall.com/lists/oss-security/2015/01/17/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/71715 https://github.com/file/file/commit/ce90e05774dd77d86cf • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. El analizador ELF en file 5.16 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de una cadena larga. • http://advisories.mageia.org/MGASA-2015-0040.html http://mx.gw.com/pipermail/file/2014/001654.html http://mx.gw.com/pipermail/file/2015/001660.html http://www.openwall.com/lists/oss-security/2015/01/17/9 https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c https://security.gentoo.org/glsa/201503-08 https://usn.ubuntu.com/3686-1 • CWE-399: Resource Management Errors •