PT-2019-5198 · File+2

Spinpx · Published 2019-02-18 · Updated 2024-06-15 · CVE-2019-8907

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

File version 5.35

Description

The issue is a buffer overflow in the do_core_note function of the File utility, which is used to determine the types of given files. A remote attacker can exploit it to cause a denial of service, resulting in stack corruption and an application crash, or possibly to have other unspecified impacts.

Recommendations

For File version 5.35, consider disabling the do_core_note function in readelf.c as a temporary workaround until a patch is available. Restrict access to the libmagic.a library to minimize the risk of exploitation. Avoid using the File utility to determine file types from untrusted sources until the issue is resolved.

Exploit · Fix · DoS · Buffer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2020-01886
CVE-2019-8907
DLA-1698-1
DLA-1698-2
MGASA-2019-0118
OPENSUSE-SU-2019:0345-1
OPENSUSE-SU-2019_0345-1
OPENSUSE-SU-2019_1197-1
OPENSUSE-SU-2024:10755-1
SUSE-SU-2019:0571-1
SUSE-SU-2019:0839-1
USN-3911-1
USN-3911-2

Affected Products

File
Suse
Ubuntu