CVE-2019-8906

Published: Feb 18, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Exploitability: 1.8 / Impact: 2.5

Source: NVD

Description

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

Affected (10)

Products: File Project: File · Canonical: Ubuntu Linux · Opensuse: Leap · +1 more

Show all products

File Project: File · Canonical: Ubuntu Linux · Opensuse: Leap · Apple: Iphone Os, Mac Os X, Tvos, Watchos

1 product

1 product

1 product

4 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
File Project File	Version 5.35

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 12.2
Apple Mac Os X	Before 10.14.4
Apple Tvos	Before 12.2
Apple Watchos	Before 5.2

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.astron.com/view.php?id=64

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f

Source: cve@mitre.org

PatchThird Party Advisory

https://support.apple.com/kb/HT209599

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT209600

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT209601

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT209602

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3911-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.astron.com/view.php?id=64

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://support.apple.com/kb/HT209599

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT209600

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT209601

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT209602

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3911-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.