CVE-2019-18218

Public on 2019-10-21

Modified on 2024-02-05

Description

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Severity

Important

See what this means

CVSS v3 Base Score

7.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	file	2019-12-13 21:12	ALAS-2019-1326
Amazon Linux 2 - Core	file	2019-12-13 18:55	ALAS2-2019-1370
Amazon Linux 1	php72	2024-02-14 20:03	ALAS-2024-1921
Amazon Linux 1	php73	2024-02-01 19:33	ALAS-2024-1918

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P

References

Red Hat: CVE-2019-18218 Mitre: CVE-2019-18218 FAQs regarding Amazon Linux ALAS/CVE Severity