CVE-2019-8904

Published: 18 February 2019

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
file Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	cosmic	Released (1:5.34-2ubuntu0.1)
	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Released (1:5.35-3)
	xenial	Not vulnerable (code not present)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.