Published: 11/06/2018 Updated: 02/05/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
file project file 5.33
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04
opensuse leap 42.3
opensuse leap 15.0

Debian Bug report logs - #922968 file: CVE-2019-8905 CVE-2019-8907 Package: src:file; Maintainer for src:file is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 22 Feb 2019 13:09:02 UTC Severity: important Tags: security, upstream Found in version fi ...

Debian Bug report logs - #901351 file: CVE-2018-10360 Package: src:file; Maintainer for src:file is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 11 Jun 2018 20:21:01 UTC Severity: important Tags: security, upstream Found in versions file/1:522+15 ...

Several security issues were fixed in file ...

Synopsis Low: file security update Type/Severity Security Advisory: Low Topic An update for file is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base scor ...

Synopsis Low: file security update Type/Severity Security Advisory: Low Topic An update for file is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP SolutionsRed Hat P ...

Synopsis Low: file security update Type/Severity Security Advisory: Low Topic An update for file is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base scor ...

Synopsis Low: file security update Type/Severity Security Advisory: Low Topic An update for file is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed ...

The do_core_note function in readelfc in libmagica in file 533 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file (CVE-2018-10360) ...

The do_core_note function in readelfc in libmagica in file 533 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file ...

CWE-125 https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 https://usn.ubuntu.com/3686-1/https://usn.ubuntu.com/3686-2/https://security.gentoo.org/glsa/201806-08 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922968 https://usn.ubuntu.com/3686-1/

CVE-2018-10360

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect