This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: File Project | First view: 2017-09-11
Product: File | Last view: 2019-10-21
Version: 5.29 | Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:file_project:file

Related : CVE

  Date Alert Description
9.8 2019-10-21 CVE-2019-18218

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

5.5 2017-09-11 CVE-2017-1000249

An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-787 Out-of-bounds Write
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Nessus® Vulnerability Scanner

id Description
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-6a10869603.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-02.nasl - Type: ACT_GATHER_INFO
2017-10-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-900.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Fedora host is missing a security update.
File: fedora_2017-bb4c07b01a.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3412-1.nasl - Type: ACT_GATHER_INFO
2017-09-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3965.nasl - Type: ACT_GATHER_INFO