Summary
| Detail | |||
|---|---|---|---|
| Vendor | File Project | First view | 2014-12-17 |
| Product | File | Last view | 2019-10-21 |
| Version | 5.16 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:file_project:file | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2019-10-21 | CVE-2019-18218 | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). |
| 7.5 | 2015-03-30 | CVE-2014-9653 | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. |
| 5 | 2015-03-30 | CVE-2014-9652 | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. |
| 5 | 2015-01-21 | CVE-2014-9621 | The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. |
| 5 | 2015-01-21 | CVE-2014-9620 | The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. |
| 5 | 2014-12-17 | CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-399 | Resource Management Errors |
| 16% (1) | CWE-787 | Out-of-bounds Write |
| 16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 16% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-11-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-3048-1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1298.nasl - Type: ACT_GATHER_INFO |
| 2017-02-28 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16347.nasl - Type: ACT_GATHER_INFO |
| 2017-01-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-42.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-09 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20160510_file_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2016-05-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2016-05-16 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2016-0050.nasl - Type: ACT_GATHER_INFO |
| 2016-05-16 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2016-05-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2015-12-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20151119_file_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2015-12-02 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO |
| 2015-11-24 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-2155.nasl - Type: ACT_GATHER_INFO |
| 2015-11-20 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-2155.nasl - Type: ACT_GATHER_INFO |
| 2015-10-05 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_11.nasl - Type: ACT_GATHER_INFO |
| 2015-07-22 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_5.nasl - Type: ACT_GATHER_INFO |
| 2015-06-25 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150623_php_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2015-06-24 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1135.nasl - Type: ACT_GATHER_INFO |
| 2015-06-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1135.nasl - Type: ACT_GATHER_INFO |
| 2015-06-24 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1135.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2014-1730-1.nasl - Type: ACT_GATHER_INFO |
| 2015-04-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-204.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-080.nasl - Type: ACT_GATHER_INFO |
| 2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-145.nasl - Type: ACT_GATHER_INFO |
| 2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-131.nasl - Type: ACT_GATHER_INFO |
