CVE-2019-18218

HIGH

File < 5.37 - Out-of-Bounds Write

Title source: rule

Description

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

References (13)

Core 13

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

View Patch ZIP pw:eip

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4550

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4172-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4172-2/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200115-0001/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202003-24

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (15)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 29

... and 5 more

Published Oct 21, 2019

Tracked Since Feb 18, 2026