Vulnerability Description
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| File Project | File | 5.35 |
| Canonical | Ubuntu Linux | 16.04 |
| Opensuse | Leap | 15.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/107137 (Third Party Advisory, VDB Entry)
- https://bugs.astron.com/view.php?id=63 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html (Mailing List, Third Party Advisory)
- https://usn.ubuntu.com/3911-1/ (Third Party Advisory)
FAQ
What is CVE-2019-8905?
CVE-2019-8905 is a vulnerability with a CVSS score of 4.4 (MEDIUM). do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
How severe is CVE-2019-8905?
CVE-2019-8905 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8905?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, File Project File, Canonical Ubuntu Linux, Opensuse Leap.