ALAS2-2019-1370

Affecting file-libs package, versions <5.11-35.amzn2.0.2

medium severity

Overview

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-18218:
1765272: CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

References

CVE: ALAS2-2019-1370
Snyk ID: SNYK-AMZN2-FILELIBS-538133
Published: 18 Dec, 2019