#94 file #98

Closed
joaoluis-pdm opened this issue Jul 27, 2022 · 2 comments

From #94

List of Container Packages with HIGH CVEs

Container Packages detected

HIGH - file

(RECURRENT) GHSA-m9jv-2cqm-h52c: Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
(RECURRENT) GHSA-w22m-7gfq-73mf: Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
(RECURRENT) GHSA-h28w-vfj4-vh5j: Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
(RECURRENT) GHSA-q6xr-rq9m-h889: The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
(RECURRENT) GHSA-v5gg-89jv-v8h3: Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
(RECURRENT) GHSA-r8jc-hp6c-qc8j: Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
(RECURRENT) GHSA-462f-9822-gvw7: Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
(RECURRENT) GHSA-v7cp-96gw-54m4: file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
(RECURRENT) GHSA-px78-rrg6-77hf: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
(RECURRENT) GHSA-p546-wvpp-2wvf: The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
(RECURRENT) GHSA-gg3j-j3hx-hjx5: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
(RECURRENT) GHSA-4h69-pc3c-cm6j: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
(RECURRENT) GHSA-qvgv-3xc3-r752: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

@joaoluis-pdm joaoluis-pdm self-assigned this Jul 27, 2022
joaoluis-pdm commented Jul 27, 2022

I could not understand exactly which package this item is referring to.

I presume that it could be https://pkgs.alpinelinux.org/package/edge/main/x86/file

but that utility does not exist on the image (neither during build nor at runtime).

(I also do not know what image was used for the scan. The current test environment image is v0.9.7: https://hub.docker.com/layers/pharmaledger-imi-fgt/joaoluispdm/pharmaledger-imi-fgt/v0.9.7/images/sha256-45346da2b972515244f2315a75e56832e4f65c7aaf7ff81b593e1cb62ca42f90?context=explore
v0.9.5 and earlier are based on a Debian image. v0.9.6 and afterwards are based on an Alpine image.)

@joaoluis-pdm joaoluis-pdm mentioned this issue Jul 27, 2022
@joaoluis-pdm

Considering issue closed (same arguments as #97 or #101).
