Skip to main content

File

23 CVEs product

Monthly

CVE-2019-18218 HIGH POC PATCH This Week

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption File Debian Linux Leap +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-8907 HIGH POC This Week

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption File Debian Linux +2
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-8906 MEDIUM POC PATCH This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure File Ubuntu Linux Leap +4
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8905 MEDIUM POC This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Debian Linux File Ubuntu Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8904 HIGH POC This Week

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure File Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-10360 MEDIUM PATCH This Month

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow File Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
3.4%
CVE-2017-1000249 MEDIUM PATCH This Month

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow File
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9653 HIGH This Week

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP File Debian Linux
NVD GitHub
CVSS 2.0
7.5
EPSS
6.8%
CVE-2014-9652 MEDIUM This Month

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP Buffer Overflow File
NVD GitHub
CVSS 2.0
5.0
EPSS
5.8%
CVE-2014-9621 MEDIUM This Month

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-9620 MEDIUM This Month

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-8117 MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
16.5%
CVE-2014-8116 MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
15.9%
CVE-2014-3587 MEDIUM POC PATCH THREAT This Month

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.1%.

Denial Of Service PHP File
NVD GitHub
CVSS 2.0
4.3
EPSS
19.1%
CVE-2014-3487 MEDIUM PATCH This Month

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.5%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.5%
CVE-2014-3480 MEDIUM PATCH This Month

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 3.1
6.5
EPSS
8.1%
CVE-2014-3479 MEDIUM PATCH This Month

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.8%
CVE-2014-3478 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Denial Of Service PHP Buffer Overflow File
NVD GitHub
CVSS 3.1
6.5
EPSS
25.3%
CVE-2014-0207 MEDIUM PATCH This Month

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow File Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2014-3538 MEDIUM POC PATCH THREAT This Month

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

Denial Of Service File PHP Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
21.0%
CVE-2013-7345 MEDIUM POC PATCH This Month

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service File PHP Debian Linux
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-2270 MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File PHP Debian Linux +2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
27.1%
CVE-2012-1571 MEDIUM POC PATCH This Month

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service File Libmagic
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption File +5
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure File +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Debian Linux +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure File +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow File
NVD GitHub
EPSS 7% CVSS 7.5
HIGH This Week

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP File +1
NVD GitHub
EPSS 6% CVSS 5.0
MEDIUM This Month

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
EPSS 7% CVSS 5.0
MEDIUM This Month

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
EPSS 16% CVSS 5.0
MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd +2
NVD GitHub
EPSS 16% CVSS 5.0
MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd +2
NVD GitHub
EPSS 19% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.1%.

Denial Of Service PHP File
NVD GitHub
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.5%.

Denial Of Service PHP File +3
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM PATCH This Month

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP File +3
NVD GitHub
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

Denial Of Service PHP File +3
NVD GitHub
EPSS 25% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Denial Of Service PHP Buffer Overflow +1
NVD GitHub
EPSS 9% CVSS 6.5
MEDIUM PATCH This Month

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow +4
NVD GitHub
EPSS 21% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

Denial Of Service File PHP +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service File PHP +1
NVD GitHub VulDB
EPSS 27% CVSS 4.3
MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File +4
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service File +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy