medium severity
Overview
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-18218:

1765272: CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
References
- CVE
- ALAS2-2019-1370
- Snyk ID: SNYK-AMZN2-FILELIBS-538133
- Published: 18 Dec, 2019