7.8

CVE-2019-18218

Exploit
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
File ProjectFile Version <= 5.37
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.1
NetappActive Iq Unified Manager SwPlatformlinux Version >= 7.3
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html
Third Party Advisory
Mailing List
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
Third Party Advisory
Exploit
Issue Tracking
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/
https://security.gentoo.org/glsa/202003-24
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200115-0001/
Third Party Advisory
https://usn.ubuntu.com/4172-1/
Third Party Advisory
https://usn.ubuntu.com/4172-2/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4550
Third Party Advisory