CVE-2019-18218

Published: 21 October 2019

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
file
Upstream: Released (1:5.37-6)
Ubuntu 20.04 LTS (Focal Fossa): Released (1:5.37-6)
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:5.32-2ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus): Released (1:5.25-2ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr): Released (1:5.14-2ubuntu3.4+esm1)
Patches:
Upstream: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84