File

file

Vendor: File Project • 18 CVEs

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48554 2Debian File Project 2Debian Linux File Nov 21, 2024 Aug 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2019-18218 6Canonical DebianFedoraproject+3 more 6Active Iq Unified Manager Debian LinuxFedora+3 more Nov 21, 2024 Oct 21, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
CVE-2019-8907 4Canonical DebianFile Project+1 more 4Debian Linux FileLeap+1 more Nov 21, 2024 Feb 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
CVE-2019-8906 4Apple CanonicalFile Project+1 more 7File Iphone OsLeap+4 more Nov 21, 2024 Feb 18, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
CVE-2019-8905 4Canonical DebianFile Project+1 more 4Debian Linux FileLeap+1 more Nov 21, 2024 Feb 18, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
CVE-2019-8904 2Canonical File Project 2File Ubuntu Linux Nov 21, 2024 Feb 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
CVE-2018-10360 3Canonical File ProjectOpensuse 3File LeapUbuntu Linux Nov 21, 2024 Jun 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
CVE-2017-1000249 1File Project 1File May 13, 2026 Sep 11, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was...Show more An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).Show less
CVE-2014-9653 3Debian File ProjectPhp 3Debian Linux FilePhp May 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, w...Show more readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.Show less
CVE-2014-9652 2File Project Php 2File Php May 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during...Show more The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.Show less
CVE-2014-9621 1File Project 1File May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
CVE-2014-9620 1File Project 1File May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVE-2014-8117 4Canonical File ProjectFreebsd+1 more 4File FreebsdMageia+1 more May 6, 2026 Dec 17, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
CVE-2014-8116 4Canonical File ProjectFreebsd+1 more 4File FreebsdMageia+1 more May 6, 2026 Dec 17, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
CVE-2014-3487 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause...Show more The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.Show less
CVE-2014-3480 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to ca...Show more The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.Show less
CVE-2014-3479 5Debian File ProjectOpensuse+2 more 5Debian Linux FileLinux+2 more May 6, 2026 Jul 9, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to ca...Show more The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.Show less
CVE-2014-2270 5Canonical DebianFile Project+2 more 5Debian Linux FileOpensuse+2 more May 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.