ID CVE-2019-18218
Summary cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
Vulnerable Configurations
  • cpe:2.3:a:file_project:file:3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.40:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.00:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.05:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.06:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.07:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.08:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.09:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.23:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.24:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.25:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:4.26:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.00:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.03:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.04:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.05:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.06:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.07:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.21:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.25:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.32:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.33:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.34:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.36:*:*:*:*:*:*:*
  • cpe:2.3:a:file_project:file:5.37:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:linux:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
CVSS
Base: 6.8 (as of 09-11-2022 - 17:55)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200115-0001/
debian DSA-4550
fedora
  • FEDORA-2019-18036b898e
  • FEDORA-2019-554c3c691f
  • FEDORA-2019-97dcb2762a
gentoo GLSA-202003-24
misc
mlist [debian-lts-announce] 20191023 [SECURITY] [DLA 1969-1] file security update
suse openSUSE-SU-2020:0677
ubuntu
  • USN-4172-1
  • USN-4172-2
Last major update 09-11-2022 - 17:55
Published 21-10-2019 - 05:15
Last modified 09-11-2022 - 17:55