CVE-2019-8905
First published: Mon Feb 18 2019(Updated: )
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/file | 1:5.35-4+deb10u2 1:5.35-4+deb10u1 1:5.39-3+deb11u1 1:5.44-3 1:5.45-2 | |
| Debian Debian Linux | =8.0 | |
| File Project File | =5.35 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =42.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/107137
- https://bugs.astron.com/view.php?id=63
- https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html
- https://usn.ubuntu.com/3911-1/
- https://launchpad.net/bugs/cve/CVE-2019-8905
- https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
- https://security-tracker.debian.org/tracker/CVE-2019-8905
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905
- https://nvd.nist.gov/vuln/detail/CVE-2019-8905
- https://ubuntu.com/security/CVE-2019-8905
Frequently Asked Questions
What is CVE-2019-8905?
CVE-2019-8905 is a vulnerability related to a stack-based buffer over-read in do_core_note function in libmagic.a in file 5.35.
What software versions are affected by CVE-2019-8905?
CVE-2019-8905 affects file version 5.35 on Debian Linux 8.0, Ubuntu Linux 16.04, Ubuntu Linux 18.04, Ubuntu Linux 18.10, openSUSE Leap 15.0, and openSUSE Leap 42.3.
What is the severity of CVE-2019-8905?
The severity of CVE-2019-8905 is medium with a CVSS score of 4.4.
How can I fix CVE-2019-8905 on Ubuntu Linux?
To fix CVE-2019-8905 on Ubuntu Linux, update the file package to version 1:5.35-3.
Where can I find more information about CVE-2019-8905?
You can find more information about CVE-2019-8905 at the following references: [1] [2] [3]
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/file project
- canonical/file project file
- version/file project file/5.35
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/42.3