Skip to main content

File CVE-2019-8904

HIGH
Out-of-bounds Read (CWE-125)
2019-02-18 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 18, 2019 - 17:29 nvd
HIGH 8.8

DescriptionNVD

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

AnalysisAI

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Affected products include: File Project File, Canonical Ubuntu Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in File

View all
CVE-2014-3478 MEDIUM POC
6.5 Jul 09

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP be

CVE-2014-3538 MEDIUM POC
5.0 Jul 03

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers

CVE-2019-8907 HIGH POC
8.8 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corrupt

CVE-2014-3587 MEDIUM POC
4.3 Aug 23

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component

CVE-2019-18218 HIGH POC
7.8 Oct 21

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a

CVE-2012-1571 MEDIUM POC
6.5 Jul 17

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Docume

CVE-2014-2270 MEDIUM
4.3 Mar 14

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bou

CVE-2013-7345 MEDIUM POC
5.0 Mar 24

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildc

CVE-2014-9653 HIGH
7.5 Mar 30

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x be

CVE-2019-8906 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium s

CVE-2019-8905 MEDIUM POC
4.4 Feb 18

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a di

CVE-2014-0207 MEDIUM
6.5 Jul 09

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30

Share

CVE-2019-8904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy