Christos Zoulas

7 exploits Active since Feb 2014
CVE-2014-1943 WRITEUP WRITEUP
Fine Free <5.17 - DoS
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2014-8116 WRITEUP WRITEUP
File - Resource Management Error
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
CVE-2014-8117 WRITEUP WRITEUP
File < 5.20 - Resource Management Error
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
CVE-2017-1000249 WRITEUP MEDIUM WRITEUP
File - Buffer Overflow
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
CVSS 5.5
CVE-2018-10360 WRITEUP MEDIUM WRITEUP
file 5.33 - DoS
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
CVSS 6.5
CVE-2019-18218 WRITEUP HIGH WRITEUP
File < 5.37 - Out-of-Bounds Write
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
CVSS 7.8
CVE-2019-8906 WRITEUP MEDIUM WRITEUP
File < 12.2 - Out-of-Bounds Read
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
CVSS 4.4