CVE-2019-18218 (retired)

Priority
Description
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
number of CDF_VECTOR elements, which allows a heap-based buffer overflow
(4-byte out-of-bounds write).
Assigned-to
mdeslaur
Notes
Package
Source: file (LP Ubuntu Debian)
Upstream: released (1:5.37-6)
Ubuntu 12.04 ESM (Precise Pangolin): released (5.09-2ubuntu0.8)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:5.14-2ubuntu3.4+esm1)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:5.25-2ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:5.32-2ubuntu0.3)
Ubuntu 19.04 (Disco Dingo): released (1:5.35-4ubuntu0.1)
Ubuntu 19.10 (Eoan Ermine): released (1:5.37-5ubuntu0.1)
Ubuntu 20.04 (Focal Fossa): released (1:5.37-6)
Patches:
Upstream: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

Updated: 2019-11-06 16:14:57 UTC (commit a96a2a153c73c918af47d5648db3d2c436ac5e35)