Skip to main content

File CVE-2019-18218

HIGH
Out-of-bounds Write (CWE-787)
2019-10-21 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 21, 2019 - 05:15 nvd
HIGH 7.8

DescriptionNVD

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

AnalysisAI

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Affected products include: File Project File, Debian Debian Linux, Opensuse Leap, Netapp Active Iq Unified Manager, Fedoraproject Fedora. Version information: through 5.37.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in File

View all
CVE-2014-3478 MEDIUM POC
6.5 Jul 09

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP be

CVE-2014-3538 MEDIUM POC
5.0 Jul 03

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers

CVE-2019-8907 HIGH POC
8.8 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corrupt

CVE-2019-8904 HIGH POC
8.8 Feb 18

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_

CVE-2014-3587 MEDIUM POC
4.3 Aug 23

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component

CVE-2012-1571 MEDIUM POC
6.5 Jul 17

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Docume

CVE-2014-2270 MEDIUM
4.3 Mar 14

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bou

CVE-2013-7345 MEDIUM POC
5.0 Mar 24

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildc

CVE-2014-9653 HIGH
7.5 Mar 30

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x be

CVE-2019-8906 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium s

CVE-2019-8905 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a di

CVE-2014-0207 MEDIUM
6.5 Jul 09

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30

Share

CVE-2019-18218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy