File

This hub aggregates every CVE we track for File, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting File.

• CVE-2022-48554File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.5.5Aug 22, 2023
• CVE-2009-0948Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.9.8Jun 2, 2021
• CVE-2009-0947Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.9.8Jun 2, 2021
• CVE-2011-4116_is_safe in the File::Temp module for Perl does not properly handle symlinks.3.3Jan 31, 2020
• CVE-2019-18218cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).7.8Oct 21, 2019
• CVE-2019-8907do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.8.8Feb 18, 2019
• CVE-2019-8904do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.8.8Feb 18, 2019
• CVE-2019-8905do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.4.4Feb 18, 2019
• CVE-2019-8906do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.4.4Feb 18, 2019
• CVE-2018-10360The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.6.5Jun 11, 2018
• CVE-2017-1000249An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in a...5.5Sep 11, 2017
• CVE-2014-9653readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset o...7.5Mar 30, 2015
• CVE-2014-9652The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain str...5.0Mar 30, 2015
• CVE-2014-9621The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.5.0Jan 21, 2015
• CVE-2014-9620The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.5.0Jan 21, 2015