This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: File Project
Product: File
Version: 5.13
Type: Application
First view: 2014-12-17
Last view: 2019-10-21
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:file_project:file

Related : CVE

Score Date Alert Description
9.8 2019-10-21 CVE-2019-18218

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

7.5 2015-03-30 CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

5 2015-03-30 CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

5 2015-01-21 CVE-2014-9620

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

5 2014-12-17 CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
40% (2) CWE-399 Resource Management Errors
20% (1) CWE-787 Out-of-bounds Write
20% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-11-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3048-1.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1298.nasl - Type: ACT_GATHER_INFO
2017-02-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16347.nasl - Type: ACT_GATHER_INFO
2017-01-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-42.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-06-09 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160510_file_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-05-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0050.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151119_file_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-11-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO
2015-10-05 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_11.nasl - Type: ACT_GATHER_INFO
2015-07-22 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5.nasl - Type: ACT_GATHER_INFO
2015-06-25 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150623_php_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-06-24 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1135.nasl - Type: ACT_GATHER_INFO
2015-06-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1135.nasl - Type: ACT_GATHER_INFO
2015-06-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-1135.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-1730-1.nasl - Type: ACT_GATHER_INFO
2015-04-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-204.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-080.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-145.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-131.nasl - Type: ACT_GATHER_INFO