CVE-2019-18218

Priority
Description
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
number of CDF_VECTOR elements, which allows a heap-based buffer overflow
(4-byte out-of-bounds write).
Assigned-to
mdeslaur
Notes
Package
Source: file (LP Ubuntu Debian)
Upstream: released (1:5.37-6)
Ubuntu 12.04 ESM (Precise Pangolin): released (5.09-2ubuntu0.8)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:5.14-2ubuntu3.4+esm1)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:5.25-2ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:5.32-2ubuntu0.3)
Ubuntu 20.04 LTS (Focal Fossa): released (1:5.37-6)
Patches:
Upstream: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
More Information

Updated: 2020-07-28 20:07:05 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)