{"id":"CVE-2019-8906","details":"do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.","modified":"2026-04-11T17:54:17.375292Z","published":"2019-02-18T17:29:01.033Z","related":["SUSE-SU-2019:0571-1","SUSE-SU-2019:0839-1","openSUSE-SU-2019:0345-1"],"references":[{"type":"ADVISORY","url":"https://support.apple.com/kb/HT209601"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT209602"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3911-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT209599"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT209600"},{"type":"REPORT","url":"https://bugs.astron.com/view.php?id=64"},{"type":"FIX","url":"https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/file/file","events":[{"introduced":"0"},{"last_affected":"d1ff3af7a2c6b38bdbdde7af26b59e3c50a48fff"},{"fixed":"2858eaf99f6cc5aae129bcbf1e24ad160240185f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.35"}]}}],"versions":["FILE3_27","FILE3_28","FILE3_30","FILE3_31","FILE3_32","FILE3_33","FILE3_34","FILE3_35","FILE3_36","FILE3_37","FILE3_38","FILE3_39","FILE3_40","FILE3_41","FILE4_00","FILE4_01","FILE4_02","FILE4_03","FILE4_04","FILE4_05","FILE4_06","FILE4_07","FILE4_08","FILE4_09","FILE4_10","FILE4_11","FILE4_12","FILE4_13","FILE4_14","FILE4_15","FILE4_16","FILE4_17","FILE4_18","FILE4_19","FILE4_20","FILE4_21","FILE4_22","FILE4_23","FILE4_24","FILE4_25","FILE4_26","FILE5_00","FILE5_01","FILE5_02","FILE5_03","FILE5_04","FILE5_07","FILE5_08","FILE5_09","FILE5_10","FILE5_11","FILE5_12","FILE5_13","FILE5_14","FILE5_15","FILE5_16","FILE5_17","FILE5_18","FILE5_19","FILE5_20","FILE5_21","FILE5_22","FILE5_23","FILE5_24","FILE5_25","FILE5_26","FILE5_27","FILE5_28","FILE5_29","FILE5_30","FILE5_31","FILE5_32","FILE5_33","FILE5_34","FILE5_35","pre-rrt-big-changes-post-4-23"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"id":"CVE-2019-8906-62c7b43b","source":"https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f","digest":{"length":3326,"function_hash":"50134300944515749486679894215678025456"},"signature_type":"Function","target":{"file":"src/readelf.c","function":"do_core_note"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2019-8906-f339bc00","source":"https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f","digest":{"threshold":0.9,"line_hashes":["333164384304000014939969775433987025057","305247237807722948317776446743530876769","251035260985686906017783394955669487551","334815268474935935102152633450803886526","118413130556114706998516904846100232","317474704739742838936164869212100976187","100801867789909417053187722427126381463"]},"signature_type":"Line","target":{"file":"src/readelf.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]},{"events":[{"introduced":"0"},{"fixed":"12.2"}]},{"events":[{"introduced":"0"},{"fixed":"10.14.4"}]},{"events":[{"introduced":"0"},{"fixed":"12.2"}]},{"events":[{"introduced":"0"},{"fixed":"5.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8906.json","vanir_signatures_modified":"2026-04-11T17:54:17Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}]}