{"id":"CVE-2018-10360","details":"The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.","modified":"2026-03-15T14:01:39.491361Z","published":"2018-06-11T10:29:00.233Z","related":["MGASA-2018-0295","SUSE-SU-2018:2044-1","SUSE-SU-2018:2682-1","SUSE-SU-2019:0571-1","SUSE-SU-2019:0839-1","openSUSE-SU-2019:0345-1","openSUSE-SU-2024:10755-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201806-08"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3686-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3686-2/"},{"type":"FIX","url":"https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/file/file","events":[{"introduced":"0"},{"last_affected":"219846094c7593e27453e62855e61181089c48cf"},{"fixed":"a642587a9c9e2dd7feacdf513c3643ce26ad3c22"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.33"}]}}],"versions":["FILE3_27","FILE3_28","FILE3_30","FILE3_31","FILE3_32","FILE3_33","FILE3_34","FILE3_35","FILE3_36","FILE3_37","FILE3_38","FILE3_39","FILE3_40","FILE3_41","FILE4_00","FILE4_01","FILE4_02","FILE4_03","FILE4_04","FILE4_05","FILE4_06","FILE4_07","FILE4_08","FILE4_09","FILE4_10","FILE4_11","FILE4_12","FILE4_13","FILE4_14","FILE4_15","FILE4_16","FILE4_17","FILE4_18","FILE4_19","FILE4_20","FILE4_21","FILE4_22","FILE4_23","FILE4_24","FILE4_25","FILE4_26","FILE5_00","FILE5_01","FILE5_02","FILE5_03","FILE5_04","FILE5_07","FILE5_08","FILE5_09","FILE5_10","FILE5_11","FILE5_12","FILE5_13","FILE5_14","FILE5_15","FILE5_16","FILE5_17","FILE5_18","FILE5_19","FILE5_20","FILE5_21","FILE5_22","FILE5_23","FILE5_24","FILE5_25","FILE5_26","FILE5_27","FILE5_28","FILE5_29","FILE5_30","FILE5_31","FILE5_32","FILE5_33","pre-rrt-big-changes-post-4-23"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10360.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]}],"vanir_signatures":[{"source":"https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22","signature_version":"v1","deprecated":false,"target":{"file":"src/readelf.c","function":"do_core_note"},"digest":{"function_hash":"254058072820689234381969040996687757502","length":2821},"signature_type":"Function","id":"CVE-2018-10360-40752739"},{"source":"https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22","signature_version":"v1","deprecated":false,"target":{"file":"src/readelf.c"},"digest":{"threshold":0.9,"line_hashes":["23684663573675673089960887643566717873","236169850793254080861419192197258474429","70460217292905612324050046650107097386","160259835256462080381177519046770217725","93544682353849154857634237623532827914","242765592094645889898983886974302638010","236365010895987412967245950745120745925"]},"signature_type":"Line","id":"CVE-2018-10360-8f478a7a"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}