
CVSS: 6.2 • EPSS: 18% • CPEs: 88 • EXPL: 2

21 Aug 2014 — Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound

CVSS: 9.1 • EPSS: 18% • CPEs: 8 • EXPL: 0

09 Jul 2014 — The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.1 • EPSS: 31% • CPEs: 79 • EXPL: 1

09 Jul 2014 — Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.2 • EPSS: 8% • CPEs: 23 • EXPL: 4

03 Jul 2014 — file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-399: Resource Management Errors

CVSS: 6.2 • EPSS: 2% • CPEs: 6 • EXPL: 2

23 Mar 2014 — The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. • http://bugs.gw.com/view.php?id=164 • CWE-407: Inefficient Algorithmic Complexity

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

17 Jul 2012 — file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. A denial of service flaw was found i... • http://mx.gw.com/pipermail/file/2012/000914.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVSS: 9.3 • EPSS: 0% • CPEs: 35 • EXPL: 0

10 Nov 2009 — Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. • http://mx.gw.com/pipermail/file/2009/000382.html • CWE-189: Numeric Errors

CVSS: 7.8 • EPSS: 4% • CPEs: 1 • EXPL: 1

04 May 2009 — Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. • ftp://ftp.astron.com/pub/file/file-5.01.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 5% • CPEs: 10 • EXPL: 1

31 Dec 2003 — Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. • https://www.exploit-db.com/exploits/22326