CVE-2019-18218

Published: Oct 21, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Affected (15)

Products: File Project: File · Debian: Debian Linux · Opensuse: Leap · +3 more

Show all products

File Project: File · Debian: Debian Linux · Opensuse: Leap · Netapp: Active Iq Unified Manager · Fedoraproject: Fedora · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

Active Iq Unified Manager

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
File Project File	Up to 5.37

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	From 7.3

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration F

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (26)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202003-24

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200115-0001/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4172-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4172-2/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4550

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202003-24

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200115-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4172-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4172-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4550

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.