CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
21 Oct 2019 — cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Clus... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 9%CPEs: 49EXPL: 0CVE-2014-9653 – file: malformed elf file causes access to uninitialized memory
https://notcve.org/view.php?id=CVE-2014-9653
19 Mar 2015 — readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. readelf.c en file anterior a 5.22, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior... • http://bugs.gw.com/view.php?id=409 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 48EXPL: 0CVE-2014-9652 – file: out of bounds read in mconvert()
https://notcve.org/view.php?id=CVE-2014-9652
17 Feb 2015 — The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP an... • http://bugs.gw.com/view.php?id=398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 0CVE-2014-9620 – file: limit the number of ELF notes processed
https://notcve.org/view.php?id=CVE-2014-9620
21 Jan 2015 — The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. El analizador ELF en file 5.08 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de un número grande de notas. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Alexander C... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-9621 – Ubuntu Security Notice USN-3686-1
https://notcve.org/view.php?id=CVE-2014-9621
21 Jan 2015 — The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. El analizador ELF en file 5.16 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de una cadena larga. Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 0CVE-2014-8117 – file: denial of service issue (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8117
10 Dec 2014 — softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. softmagic.c en archivo anterior a 5.21 no limita adecuadamente el límite de recursividad, esto permite a atacantes remotos, provocar una denegación de servicio (consumo de CPU o rotura) mediante vectores no especificados. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 6.2EPSS: 18%CPEs: 88EXPL: 2CVE-2014-3587 – file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
https://notcve.org/view.php?id=CVE-2014-3587
21 Aug 2014 — Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. Desbordamiento de enteros en la función cdf_read_property_info en cdf.c en ficheros hasta 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.32 y 5.5.x ant... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 12%CPEs: 8EXPL: 0CVE-2014-3479 – file: cdf_check_stream_offset insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3479
09 Jul 2014 — The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. La función cdf_check_stream_offset en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, depende de datos de tamaño de sectores incorrect... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.1EPSS: 17%CPEs: 8EXPL: 0CVE-2014-3487 – file: cdf_read_property_info insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3487
09 Jul 2014 — The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_read_property_info en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente un desplazamiento de flujo, lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 18%CPEs: 8EXPL: 0CVE-2014-0207 – file: cdf_read_short_sector insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-0207
09 Jul 2014 — The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. La función cdf_read_short_sector en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •