File Project File vulnerabilities
41 known vulnerabilities affecting file_project/file.
Total CVEs: 41
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 8, MEDIUM 27
Vulnerabilities
Page 1 of 3
CVE-2004-1304 | P3 | CRITICAL | CVSS 10.0 | PoC | ≥ 0, < 4.12 | 2005-01-10
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
osv
CVE-2007-1536 | P3 | CRITICAL | CVSS 9.3 | PoC | ≥ 0, < 4.20-1 | 2007-03-20
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
osv
CVE-2003-1092 | P4 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 3.4.1 | 2003-12-31
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
osv
CVE-2009-0948 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 5.02-1 | 2021-06-02
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
osv
CVE-2009-0947 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 5.02-1 | 2021-06-02
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
osv
CVE-2019-18218 | P3 | HIGH | CVSS 7.8 | CWE-787 | ≤ 5.37 | 2019-10-21
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
nvd, osv
CVE-2019-8904 | P3 | HIGH | CVSS 8.8 | CWE-125 | v5.35 | 2019-02-18
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
nvd, osv
CVE-2014-0207 | P3 | MEDIUM | CVSS 6.5 | ≥ 0, < 1:5.19-1 | 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
osv
CVE-2014-9653 | P3 | HIGH | CVSS 7.5 | CWE-20 | ≤ 5.21 | 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a c
nvd, osv
CVE-2015-8865 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 1:5.24-1 | 2016-05-20
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
osv
CVE-2019-8907 | P3 | HIGH | CVSS 8.8 | CWE-787 | v5.35 | 2019-02-18
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
nvd, osv
CVE-2003-0102 | P4 | MEDIUM | CVSS 4.6 | PoC | ≥ 0, < 3.40-1.1 | 2003-03-18
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
osv
CVE-2014-3480 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 5.19 | 2014-07-09
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
nvd, osv
CVE-2014-0237 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1:5.19-1 | 2014-06-01
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
osv
CVE-2014-0238 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1:5.19-1 | 2014-06-01
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
osv
CVE-2014-3478 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1:5.19-1 | 2014-07-09
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
osv
CVE-2009-3930 | P4 | CRITICAL | CVSS 9.3 | ≥ 0, < 5.03-1 | 2009-11-10
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
osv
CVE-2014-0236 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 1:5.19-1 | 2016-05-16
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
osv
CVE-2014-3587 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1:5.19-2 | 2014-08-23
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
osv
CVE-2014-3538 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1:5.19-1 | 2014-07-03
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
osv