MidnightBSD

Advisories for file_project

CVE-2014-2270 MEDIUM

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
canonical ubuntu_linux 12.04
canonical ubuntu_linux 13.10
debian debian_linux 7.0
opensuse opensuse 12.3
debian debian_linux 8.0
opensuse opensuse 13.1
php php *
canonical ubuntu_linux 10.04
file_project file *
canonical ubuntu_linux 12.10
debian debian_linux 6.0
CVE-2014-3479 MEDIUM

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
file_project file *
debian debian_linux 7.0
debian debian_linux 8.0
php php *
oracle linux 7
CVE-2014-3480 MEDIUM

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
file_project file *
debian debian_linux 7.0
debian debian_linux 8.0
php php *
oracle linux 7
CVE-2014-3487 MEDIUM

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 11.4
file_project file *
debian debian_linux 7.0
debian debian_linux 8.0
php php *
oracle linux 7
CVE-2014-8116 MEDIUM

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
mageia mageia 4.0
canonical ubuntu_linux 14.10
file_project file 5.20
freebsd freebsd *
CVE-2014-8117 MEDIUM

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
mageia mageia 4.0
file_project file *
canonical ubuntu_linux 14.10
freebsd freebsd *
CVE-2014-9620 MEDIUM

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
file_project file 5.09
file_project file 5.21
file_project file 5.15
file_project file 5.08
file_project file 5.18
file_project file 5.12
file_project file 5.17
file_project file 5.11
file_project file 5.19
file_project file 5.10
file_project file 5.20
file_project file 5.13
file_project file 5.16
file_project file 5.14
CVE-2014-9621 MEDIUM

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
file_project file 5.17
file_project file 5.19
file_project file 5.20
file_project file 5.21
file_project file 5.16
file_project file 5.18
CVE-2014-9652 MEDIUM

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
php php 5.5.9
php php 5.5.2
php php 5.5.4
php php 5.5.17
php php 5.5.3
php php 5.5.16
php php 5.5.1
php php 5.5.6
php php 5.5.7
php php 5.5.11
php php 5.6.4
php php 5.5.5
php php 5.6.2
php php 5.5.0
php php 5.5.10
php php 5.6.1
php php 5.5.8
php php *
php php 5.5.19
php php 5.5.15
php php 5.5.12
php php 5.5.20
php php 5.5.13
file_project file *
php php 5.6.3
php php 5.5.14
php php 5.5.18
php php 5.6.0
CVE-2014-9653 HIGH

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
php php 5.5.9
php php 5.5.2
php php 5.5.4
debian debian_linux 7.0
php php 5.5.17
php php 5.5.3
php php 5.5.16
php php 5.5.1
php php 5.5.6
php php 5.5.7
php php 5.5.11
php php 5.6.4
php php 5.5.5
php php 5.6.2
php php 5.5.0
php php 5.5.10
php php 5.6.1
php php 5.5.8
php php *
php php 5.5.19
php php 5.5.15
php php 5.5.12
php php 5.5.20
php php 5.5.13
file_project file *
php php 5.6.3
php php 5.5.14
php php 5.5.18
php php 5.6.0
CVE-2017-1000249 LOW

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
file_project file 5.29
CVE-2018-10360 MEDIUM

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 12.04
opensuse leap 15.0
opensuse leap 42.3
canonical ubuntu_linux 18.04
file_project file 5.33
CVE-2019-18218 MEDIUM

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 10.0
canonical ubuntu_linux 19.10
debian debian_linux 8.0
netapp active_iq_unified_manager *
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 16.04
fedoraproject fedora 29
fedoraproject fedora 30
file_project file *
opensuse leap 15.1
canonical ubuntu_linux 18.04
CVE-2019-8904 MEDIUM

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
file_project file 5.35
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
CVE-2019-8905 LOW

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
file_project file 5.35
canonical ubuntu_linux 16.04
opensuse leap 15.0
debian debian_linux 8.0
opensuse leap 42.3
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
CVE-2019-8906 LOW

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apple mac_os_x *
file_project file 5.35
apple iphone_os *
canonical ubuntu_linux 16.04
opensuse leap 15.0
apple watchos *
opensuse leap 42.3
apple tvos *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
CVE-2019-8907 MEDIUM

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
file_project file 5.35
canonical ubuntu_linux 16.04
opensuse leap 15.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
CVE-2022-48554

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
file_project file 5.41
file_project file *
debian debian_linux 11.0