Information on source package file

Available versions

ReleaseVersion
jessie1:5.22+15-2+deb8u7
stretch1:5.30-1+deb9u3
buster1:5.35-4+deb10u2
buster (lts)1:5.35-4+deb10u1
bullseye1:5.39-3+deb11u1
bookworm1:5.44-3
trixie1:5.45-3
sid1:5.45-3

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2019-8907fixedvulnerable (no DSA)fixedfixedfixedfixedfixeddo_core_note in readelf.c in libmagic.a in file 5.35 allows remote att ...
CVE-2019-8905fixedvulnerable (no DSA)fixedfixedfixedfixedfixeddo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...

Resolved issues

BugDescription
TEMP-0525820-07BBE3More file buffer overflows
CVE-2022-48554File before 5.43 has an stack-based buffer over-read in file_copystr i ...
CVE-2019-18218cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...
CVE-2019-8906do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bou ...
CVE-2019-8904do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...
CVE-2018-10360The do_core_note function in readelf.c in libmagic.a in file 5.33 allo ...
CVE-2017-1000249An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b ...
CVE-2015-8865The file_check_mem function in funcs.c in file before 5.23, as used in ...
CVE-2015-4605The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4604The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2014-9653readelf.c in file before 5.22, as used in the Fileinfo component in PH ...
CVE-2014-9652The mconvert function in softmagic.c in file before 5.21, as used in t ...
CVE-2014-9621The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ...
CVE-2014-9620The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...
CVE-2014-8117softmagic.c in file before 5.21 does not properly limit recursion, whi ...
CVE-2014-8116The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...
CVE-2014-3710The donote function in readelf.c in file through 5.20, as used in the ...
CVE-2014-3587Integer overflow in the cdf_read_property_info function in cdf.c in fi ...
CVE-2014-3538file before 5.19 does not properly restrict the amount of data read du ...
CVE-2014-3487The cdf_read_property_info function in file before 5.19, as used in th ...
CVE-2014-3480The cdf_count_chain function in cdf.c in file before 5.19, as used in ...
CVE-2014-3479The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
CVE-2014-3478Buffer overflow in the mconvert function in softmagic.c in file before ...
CVE-2014-2270softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-1943Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-0238The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-0237The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...
CVE-2014-0236file before 5.18, as used in the Fileinfo component in PHP before 5.6. ...
CVE-2014-0207The cdf_read_short_sector function in cdf.c in file before 5.19, as us ...
CVE-2013-7345The BEGIN regular expression in the awk script detector in magic/Magdi ...
CVE-2013-4636The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2012-1571file before 5.11 and libmagic allow remote attackers to cause a denial ...
CVE-2009-3930Multiple integer overflows in Christos Zoulas file before 5.02 allow u ...
CVE-2009-2830Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...
CVE-2009-1515Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c i ...
CVE-2009-0948Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_s ...
CVE-2009-0947Multiple integer overflows in the (1) cdf_read_property_info and (2) c ...
CVE-2007-2799Integer overflow in the "file" program 4.20, when running on 32-bit sy ...
CVE-2007-2026The gnu regular expression code in file 4.20 allows context-dependent ...
CVE-2007-1536Integer underflow in the file_printf function in the "file" program be ...
CVE-2004-1304Stack-based buffer overflow in the ELF header parsing code in file bef ...
CVE-2003-1092Unknown vulnerability in the "Automatic File Content Type Recognition ...
CVE-2003-0102Buffer overflow in tryelf() in readelf.c of the file command allows at ...

Security announcements

DSA / DLADescription
DSA-5489-1file - security update
DLA-1698-2file - regression update
DSA-4550-1file - security update
DLA-1969-1file - security update
ELA-182-1file - security update
DLA-1698-1file - security update
ELA-3-1file - security update
DSA-3965-1file - security update
DLA-460-1file - security update
DLA-204-1file - security update
DSA-3196-1file - security update
DLA-131-1file - security update
DSA-3121-1file - security update
DLA-86-1file - security update
DSA-3072-1file - security update
DLA-50-1file - security update
DSA-3021-1file - security update
DLA-27-1file - security update
DSA-2873-1file - several
DSA-2861-1file - denial of service
DSA-2422-1file - missing bounds check
DSA-1343-2file
DSA-1343-1file
DSA-1274-1file - buffer overflow
DSA-260file - buffer overflow

Search for package or bug name: Reporting problems