libmagic 5.35 readelf.c do_bid_note out-of-bounds read


A vulnerability classified as critical was found in libmagic 5.35. It affects the function do_bid_note in the file readelf.c. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 02/19/2019 08:14 AM | 05/11/2020 10:07 AM |
|---|---|---|
| name | libmagic | libmagic |
| version | 5.35 | 5.35 |
| file | readelf.c | readelf.c |
| function | do_bid_note | do_bid_note |
| cwe | 125 (information disclosure) | 125 (information disclosure) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | R | R |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1550448000 (02/18/2019) | 1550448000 (02/18/2019) |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2019-8904 | CVE-2019-8904 |
| cve_assigned | 1550448000 | 1550448000 |
| cve_nvd_summary | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. |
| securityfocus | 107130 | 107130 |
| securityfocus_title | file CVE-2019-8904 Stack Buffer Overflow Vulnerability | file CVE-2019-8904 Stack Buffer Overflow Vulnerability |
| qualys_id | 277708 | 277708 |
| qualys_title | Fedora Security Update for file (FEDORA-2019-15f5147b27) | Fedora Security Update for file (FEDORA-2019-15f5147b27) |
| seealso | 130990 130991 130992 | 130990 130991 130992 |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | C | C |
| cvss3_nvd_basescore | 8.8 | 8.8 |

Fields listed with a single value:

| Field | Value |
|---|---|
| discoverydate | 1550534400 |
| url | http://www.securityfocus.com/bid/107130 |
| securityfocus_date | 1550448000 (02/18/2019) |
| securityfocus_class | Failure to Handle Exceptional Conditions |
