Skip to main content

File CVE-2018-10360

MEDIUM
Out-of-bounds Read (CWE-125)
2018-06-11 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 11, 2018 - 10:29 nvd
MEDIUM 6.5

DescriptionNVD

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

AnalysisAI

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Affected products include: File Project File, Canonical Ubuntu Linux, Opensuse Leap.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in File

View all
CVE-2014-3478 MEDIUM POC
6.5 Jul 09

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP be

CVE-2014-3538 MEDIUM POC
5.0 Jul 03

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers

CVE-2019-8907 HIGH POC
8.8 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corrupt

CVE-2019-8904 HIGH POC
8.8 Feb 18

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_

CVE-2014-3587 MEDIUM POC
4.3 Aug 23

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component

CVE-2019-18218 HIGH POC
7.8 Oct 21

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a

CVE-2012-1571 MEDIUM POC
6.5 Jul 17

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Docume

CVE-2014-2270 MEDIUM
4.3 Mar 14

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bou

CVE-2013-7345 MEDIUM POC
5.0 Mar 24

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildc

CVE-2014-9653 HIGH
7.5 Mar 30

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x be

CVE-2019-8906 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium s

CVE-2019-8905 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a di

Share

CVE-2018-10360 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy