CVE-2019-18218

Опубликовано: 21 окт. 2019

Источник: debian

EPSS Низкий

Описание

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
file	fixed	1:5.37-6		package
php7.0	removed			package

Примечания

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
https://github.com/php/php-src/commit/469820048df558040f6dec7c39471ad11e2a7cfb (php-7.2.25RC1)

EPSS

Процентиль: 44%

0.00216

Низкий

Связанные уязвимости

CVE-2019-18218

CVSS3: 7.8

ubuntu

почти 6 лет назад

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

CVE-2019-18218

CVSS3: 7.8

redhat

почти 6 лет назад

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

CVE-2019-18218

CVSS3: 7.8

nvd

почти 6 лет назад

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

openSUSE-SU-2020:0677-1

suse-cvrf

около 5 лет назад

Security update for file

SUSE-SU-2021:2930-1

suse-cvrf

почти 4 года назад

Security update for file

EPSS

Процентиль: 44%

0.00216

Низкий