CVE-2019-8905

Publication date 18 February 2019

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

4.4 · Medium

Score breakdown

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

Status

Package Ubuntu Release Status
file 18.10 cosmic
Fixed 1:5.34-2ubuntu0.1
18.04 LTS bionic
Fixed 1:5.32-2ubuntu0.2
16.04 LTS xenial
Fixed 1:5.25-2ubuntu1.2
14.04 LTS trusty
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
file

Severity score breakdown

Parameter Value
Base score 4.4 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

References

Related Ubuntu Security Notices (USN)

Other references