File Project: >> File >> 5.21 Security Vulnerabilities
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
CVSS Score
7.8
EPSS Score
0.002
Published
2019-10-21
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
CVSS Score
7.5
EPSS Score
0.037
Published
2015-03-30
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
CVSS Score
5.0
EPSS Score
0.013
Published
2015-01-21
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVSS Score
5.0
EPSS Score
0.03
Published
2015-01-21