Arbitrary Code Execution

2020-08-0621:31:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

46.2%

JSON

file is vulnerable to arbitrary code execution. The cdf_read_property_info function in cdf.c does not restrict the number of CDF_VECTOR elements, resulting a heap-based buffer overflow (4-byte out-of-bounds write).

CPENameOperatorVersion
file:3.7eq5.32-r1
php7.0:stretcheq7.0.33-0+deb9u8
fileeq5.33__8.el8
fileeq5.33__16.el8
fileeq5.33__18.el8.0.1
fileeq5.33__13.el8
fileeq5.33__16.el8_3.1
fileeq5.33__18.el8
file:3.7eq5.32-r1
php7.0:stretcheq7.0.33-0+deb9u8

Name	Operator	Version
file:3.7	eq	5.32-r1
php7.0:stretch	eq	7.0.33-0+deb9u8
file	eq	5.33__8.el8
file	eq	5.33__16.el8
file	eq	5.33__18.el8.0.1
file	eq	5.33__13.el8
file	eq	5.33__16.el8_3.1
file	eq	5.33__18.el8
file:3.7	eq	5.32-r1
php7.0:stretch	eq	7.0.33-0+deb9u8