Stack-based Buffer Over-read in File Utility from Vendor
CVE-2019-8905

4.4MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
18 February 2019

What is CVE-2019-8905?

A stack-based buffer over-read has been identified in the File utility version 5.35 within the function do_core_note in readelf.c. This flaw can lead to unexpected behavior during file processing, potentially allowing attackers to exploit this vulnerability in a way that could result in information disclosure or disruption of services. It is crucial for users to update their installations to address this security concern and enhance the resilience of their systems.

References

http://www.securityfocus.com/bid/107137
vdb-entryx_refsource_BID
https://lists.debian.org/debian-lts-announce/2019/02/msg0...
mailing-listx_refsource_MLIST
https://bugs.astron.com/view.php?id=63
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.