Information on source package file

Available versions

ReleaseVersion
jessie1:5.22+15-2+deb8u4
jessie (security)1:5.22+15-2+deb8u5
stretch1:5.30-1+deb9u2
stretch (security)1:5.30-1+deb9u1
buster1:5.35-4
sid1:5.35-4

Open issues

BugjessiestretchbustersidDescription
CVE-2019-8907fixedvulnerable (no DSA)fixedfixeddo_core_note in readelf.c in libmagic.a in file 5.35 allows remote att ...
CVE-2019-8905fixedvulnerable (no DSA)fixedfixeddo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...

Resolved issues

BugDescription
TEMP-0525820-07BBE3More file buffer overflows
CVE-2019-8906do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bou ...
CVE-2019-8904do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...
CVE-2018-10360The do_core_note function in readelf.c in libmagic.a in file 5.33 allo ...
CVE-2017-1000249An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b ...
CVE-2015-8865The file_check_mem function in funcs.c in file before 5.23, as used in ...
CVE-2015-4605The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4604The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2014-9653readelf.c in file before 5.22, as used in the Fileinfo component in PH ...
CVE-2014-9652The mconvert function in softmagic.c in file before 5.21, as used in t ...
CVE-2014-9621The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ...
CVE-2014-9620The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...
CVE-2014-8117softmagic.c in file before 5.21 does not properly limit recursion, whi ...
CVE-2014-8116The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...
CVE-2014-3710The donote function in readelf.c in file through 5.20, as used in the ...
CVE-2014-3587Integer overflow in the cdf_read_property_info function in cdf.c in fi ...
CVE-2014-3538file before 5.19 does not properly restrict the amount of data read du ...
CVE-2014-3487The cdf_read_property_info function in file before 5.19, as used in th ...
CVE-2014-3480The cdf_count_chain function in cdf.c in file before 5.19, as used in ...
CVE-2014-3479The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
CVE-2014-3478Buffer overflow in the mconvert function in softmagic.c in file before ...
CVE-2014-2270softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-1943Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-0238The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-0237The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...
CVE-2014-0236file before 5.18, as used in the Fileinfo component in PHP before 5.6. ...
CVE-2014-0207The cdf_read_short_sector function in cdf.c in file before 5.19, as us ...
CVE-2013-7345The BEGIN regular expression in the awk script detector in magic/Magdi ...
CVE-2013-4636The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2012-1571file before 5.11 and libmagic allow remote attackers to cause a denial ...
CVE-2009-3930Multiple integer overflows in Christos Zoulas file before 5.02 allow u ...
CVE-2009-2830Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...
CVE-2009-1515Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c i ...
CVE-2009-0948
CVE-2009-0947
CVE-2007-2799Integer overflow in the "file" program 4.20, when running on 32-bit sy ...
CVE-2007-2026The gnu regular expression code in file 4.20 allows context-dependent ...
CVE-2007-1536Integer underflow in the file_printf function in the "file" program be ...
CVE-2004-1304Stack-based buffer overflow in the ELF header parsing code in file bef ...
CVE-2003-1092Unknown vulnerability in the "Automatic File Content Type Recognition ...
CVE-2003-0102Buffer overflow in tryelf() in readelf.c of the file command allows at ...

Security announcements

DSA / DLADescription
DLA-1698-1file - security update
DSA-3965-1file - security update
DLA-460-1file - security update
DLA-204-1file - security update
DSA-3196-1file - security update
DLA-131-1file - security update
DSA-3121-1file - security update
DLA-86-1file - security update
DSA-3072-1file - security update
DLA-50-1file - security update
DSA-3021-1file - security update
DLA-27-1file - security update
DSA-2873-1file - several
DSA-2873-1file - several
DSA-2861-1file - denial of service
DSA-2861-1file - denial of service
DSA-2422-1file - missing bounds check
DSA-1343-2file
DSA-1343-1file
DSA-1343-1file
DSA-1274-1file - buffer overflow
DSA-1274-1file - buffer overflow
DSA-260file - buffer overflow

Search for package or bug name: Reporting problems