file project file

35 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-48554
all versions
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source projec
5.5 MEDIUM
CVE-2011-4116
all versions
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
3.3 LOW
CVE-2019-18218
<= 5.37
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-base
7.8 HIGH
CVE-2019-8907
all versions
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and ap
8.8 HIGH
CVE-2019-8906
all versions
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
4.4 MEDIUM
CVE-2019-8905
all versions
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vu
4.4 MEDIUM
CVE-2019-8904
all versions
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
8.8 HIGH
CVE-2018-10360
all versions
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bou
6.5 MEDIUM
CVE-2017-1000249
all versions
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed
5.5 MEDIUM
CVE-2017-6512
< 2.13
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mo
5.9 MEDIUM
CVE-2014-9653
<= 5.21
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5
CVE-2014-9652
<= 5.20
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5
CVE-2014-9621
all versions
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
CVE-2014-9620
all versions
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVE-2014-8117
<= 5.20
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU
CVE-2014-8116
all versions
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via
CVE-2014-3587
<= 5.19
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP be
CVE-2014-3487
< 5.19
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5
CVE-2014-3480
< 5.19
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before
6.5 MEDIUM
CVE-2014-3479
< 5.19
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.
CVE-2014-3478
<= 5.18
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.3
6.5 MEDIUM
CVE-2014-0207
< 5.19
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x
6.5 MEDIUM
CVE-2014-3538
<= 5.18
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause
CVE-2013-7345
< 5.15
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with
CVE-2014-2270
< 5.17
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory
CVE-2012-1571
<= 5.10
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (C
6.5 MEDIUM
CVE-2009-3930
<= 5.01
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact
CVE-2009-1515
all versions
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote atta
CVE-2008-5303
all versions
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrar
CVE-2008-5302
all versions
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users t
CVE-2007-2799
all versions
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might a
CVE-2007-2026
all versions
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via
CVE-2007-1536
<= 4.19
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrar
CVE-2004-1304
all versions
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a cr
CVE-2003-0102
all versions
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file,
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin