File Project File vulnerabilities
41 known vulnerabilities affecting file_project/file.
Total CVEs
41
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH8MEDIUM27
Vulnerabilities
Page 2 of 3
CVE-2009-2830P4MEDIUMCVSS 6.8≥ 0, < 5.03-12009-11-10
CVE-2009-2830 [MEDIUM] CVE-2009-2830: Multiple buffer overflows in Christos Zoulas file before 5
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
osv
CVE-2009-1515P4MEDIUMCVSS 6.8≥ 0, < 5.02-12009-05-04
CVE-2009-1515 [MEDIUM] CVE-2009-1515: Heap-based buffer overflow in the cdf_read_sat function in src/cdf
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
osv
CVE-2014-3710P4MEDIUMCVSS 5.0≥ 0, < 1:5.20-22014-11-05
CVE-2014-3710 [MEDIUM] CVE-2014-3710: The donote function in readelf
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
osv
CVE-2007-2026P4HIGHCVSS 7.8≥ 0, < 4.20-62007-04-13
CVE-2007-2026 [HIGH] CVE-2007-2026: The gnu regular expression code in file 4
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
osv
CVE-2014-3487P4MEDIUMCVSS 4.3fixed in 5.192014-07-09
CVE-2014-3487 [MEDIUM] CWE-20 CVE-2014-3487: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP be
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
nvdosv
CVE-2014-8117P4MEDIUMCVSS 5.0≤ 5.202014-12-17
CVE-2014-8117 [MEDIUM] CWE-399 CVE-2014-8117: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
nvdosv
CVE-2014-9652P4MEDIUMCVSS 5.0≤ 5.202015-03-30
CVE-2014-9652 [MEDIUM] CWE-119 CVE-2014-9652: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP b
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds mem
nvdosv
CVE-2012-1571P4MEDIUMCVSS 6.5≥ 0, < 5.11-12012-07-17
CVE-2012-1571 [MEDIUM] CVE-2012-1571: file before 5
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
osv
CVE-2007-2799P4CRITICALCVSS 9.3≥ 0, < 4.21-12007-05-23
CVE-2007-2799 [CRITICAL] CVE-2007-2799: Integer overflow in the "file" program 4
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
osv
CVE-2014-3479P4MEDIUMCVSS 4.3fixed in 5.192014-07-09
CVE-2014-3479 [MEDIUM] CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
nvdosv
CVE-2018-10360P4MEDIUMCVSS 6.5v5.332018-06-11
CVE-2018-10360 [MEDIUM] CWE-125 CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
nvdosv
CVE-2017-1000249P4MEDIUMCVSS 5.5v5.292017-09-11
CVE-2017-1000249 [MEDIUM] CWE-119 CVE-2017-1000249: An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
nvdosv
CVE-2014-1943P4MEDIUMCVSS 5.0≥ 0, < 1:5.17-0.12014-02-18
CVE-2014-1943 [MEDIUM] CVE-2014-1943: Fine Free file before 5
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
osv
CVE-2014-9620P4MEDIUMCVSS 5.0v5.08v5.09+12 more2015-01-21
CVE-2014-9620 [MEDIUM] CWE-399 CVE-2014-9620: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
nvdosv
CVE-2014-8116P4MEDIUMCVSS 5.0v5.202014-12-17
CVE-2014-8116 [MEDIUM] CWE-399 CVE-2014-8116: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
nvdosv
CVE-2014-9621P4MEDIUMCVSS 5.0v5.16v5.17+4 more2015-01-21
CVE-2014-9621 [MEDIUM] CWE-399 CVE-2014-9621: The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
nvdosv
CVE-2014-2270P4MEDIUMCVSS 4.3fixed in 5.172014-03-14
CVE-2014-2270 [MEDIUM] CWE-119 CVE-2014-2270: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
nvdosv
CVE-2013-7345P4MEDIUMCVSS 5.0≥ 0, < 1:5.17-0.12014-03-24
CVE-2013-7345 [MEDIUM] CVE-2013-7345: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline charact
osv
CVE-2022-48554P4MEDIUMCVSS 5.5v5.412023-08-22
CVE-2022-48554 [MEDIUM] CWE-125 CVE-2022-48554: File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
nvdosv
CVE-2019-8905P4MEDIUMCVSS 4.4v5.352019-02-18
CVE-2019-8905 [MEDIUM] CVE-2019-8905: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
nvdosv