File Project File vulnerabilities

CVE-2014-3479 [MEDIUM] CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVE-2014-3478 [MEDIUM] CVE-2014-3478: Buffer overflow in the mconvert function in softmagic Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

CVE-2014-3487 [MEDIUM] CWE-20 CVE-2014-3487: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP be The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

CVE-2014-3480 [MEDIUM] CWE-20 CVE-2014-3480: The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

CVE-2014-0207 [MEDIUM] CVE-2014-0207: The cdf_read_short_sector function in cdf The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-3538 [MEDIUM] CVE-2014-3538: file before 5 file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

CVE-2014-0237 [MEDIUM] CVE-2014-0237: The cdf_unpack_summary_info function in cdf The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

CVE-2014-0238 [MEDIUM] CVE-2014-0238: The cdf_read_property_info function in cdf The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

CVE-2013-7345 [MEDIUM] CVE-2013-7345: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline charact

CVE-2014-2270 [MEDIUM] CWE-119 CVE-2014-2270: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

CVE-2014-1943 [MEDIUM] CVE-2014-1943: Fine Free file before 5 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

CVE-2012-1571 [MEDIUM] CVE-2012-1571: file before 5 file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

CVE-2009-3930 [CRITICAL] CVE-2009-3930: Multiple integer overflows in Christos Zoulas file before 5 Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.

CVE-2009-2830 [MEDIUM] CVE-2009-2830: Multiple buffer overflows in Christos Zoulas file before 5 Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.

CVE-2009-1515 [MEDIUM] CVE-2009-1515: Heap-based buffer overflow in the cdf_read_sat function in src/cdf Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.

CVE-2007-2799 [CRITICAL] CVE-2007-2799: Integer overflow in the "file" program 4 Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

CVE-2007-2026 [HIGH] CVE-2007-2026: The gnu regular expression code in file 4 The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.

CVE-2007-1536 [CRITICAL] CVE-2007-1536: Integer underflow in the file_printf function in the "file" program before 4 Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

CVE-2004-1304 [CRITICAL] CVE-2004-1304: Stack-based buffer overflow in the ELF header parsing code in file before 4 Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

CVE-2003-1092 [HIGH] CVE-2003-1092: Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3 Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.