) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-18218 |
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Published: October 21, 2019; 1:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2014-9653 |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. Published: March 30, 2015; 6:59:03 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2014-9652 |
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. Published: March 30, 2015; 6:59:01 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-9620 |
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Published: January 21, 2015; 1:59:05 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-8117 |
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Published: December 17, 2014; 2:59:05 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-3487 |
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Published: July 09, 2014; 7:07:01 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-3480 |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Published: July 09, 2014; 7:07:01 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-3479 |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. Published: July 09, 2014; 7:07:01 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-2270 |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |