CVE-2019-8906
published 2019-02-18CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
medium4.4CVSS 3.1
AVLACLPRLUINSUCLINAL
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 12.2 | 12.2 |
| apple | mac_os_x | < 10.14.4 | 10.14.4 |
| apple | macos_mojave_10.14.4_security_update_2019-002_high_sierra_security_update_2019-0 | — | — |
| apple | tvos | < 12.2 | 12.2 |
| apple | tvos | — | — |
| apple | watchos | < 5.2 | 5.2 |
| apple | watchos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | file | < file 1:5.35-3 (bookworm) | file 1:5.35-3 (bookworm) |
| file_project | file | — | — |
| file_project | file | >= 0 < 1:5.35-3 | 1:5.35-3 |
| file_project | file | >= 0 < 1:5.35-3 | 1:5.35-3 |
| file_project | file | >= 0 < 1:5.35-3 | 1:5.35-3 |
| file_project | file | >= 0 < 1:5.35-3 | 1:5.35-3 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
osv4.4MEDIUM