CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
21 Oct 2019 — cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Clus... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-8904 – Ubuntu Security Notice USN-3911-1
https://notcve.org/view.php?id=CVE-2019-8904
18 Feb 2019 — do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. do_bid_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una sobrelectura de búfer basada en pila. It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. • http://www.securityfocus.com/bid/107130 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 1CVE-2019-8905
https://notcve.org/view.php?id=CVE-2019-8905
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una sobrelectura de búfer basada en pila relacionada con file_printable. Esta vulnerabilidad es diferente de CVE-2018-10360. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 1CVE-2019-8906 – Slackware Security Advisory - file Updates
https://notcve.org/view.php?id=CVE-2019-8906
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una lectura fuera de límites debido a una mala utilización de memcpy. New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-8907 – Slackware Security Advisory - file Updates
https://notcve.org/view.php?id=CVE-2019-8907
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file permite a los atacantes remotos provocar una denegación de servicio (corrupción de pila y cierre inesperado de la aplicación) o cualquier otro impacto no especificado. New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix sec... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-787: Out-of-bounds Write •