low severity
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to ALAS2-2020-1452. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. 1590000: CVE-2018-10360 file: out-of-bounds read via a crafted ELF file
Remediation
Upgrade file-libs to version or higher.
References
- CVE
- ALAS2-2020-1452
- Snyk ID
- SNYK-AMZN2-FILELIBS-585767
- Published
- 16 Jul, 2020