First published: Tue Aug 22 2023
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
Credit: cve@mitre.org CVE-2022-48554
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/file | <1:5.44-1 | 1:5.44-1 |
ubuntu/file | <1:5.41-3ubuntu0.1 | 1:5.41-3ubuntu0.1 |
debian/file | 1:5.35-4+deb10u2, 1:5.35-4+deb10u1, 1:5.39-3+deb11u1, 1:5.44-3, 1:5.45-2 | |
File Project File | <5.43 | |
File Project File | =5.41 | |
Debian Debian Linux | =11.0 | |
redhat/file | <5.42 | 5.42 |
Apple watchOS | <10.4 | 10.4 |
Apple tvOS | <17.4 | 17.4 |
Apple iOS | <17.4 | 17.4 |
Apple iPadOS | <17.4 | 17.4 |
Apple macOS Sonoma | <14.4 | 14.4 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
CVE-2022-48554 is a stack-based buffer over-read vulnerability in the file_copystr function in funcs.c in the File project.
The severity of CVE-2022-48554 is medium, with a severity value of 5.5.
The File project versions up to and excluding 5.43, as well as specific versions of the file package in Debian and Ubuntu, are affected.
To fix CVE-2022-48554 in the File project, it is recommended to upgrade to version 5.43 or later.
For Debian, update the file package to version 1:5.44-3 or later. For Ubuntu, update the file package to version 1:5.44-1 or later.