[File] [SECURITY] Heap Buffer Over-read in softmagic.c FILE_OPINDIRECT Handling (file-5.17)

Kerwin kerwinxia66001 at gmail.com
Wed Apr 1 14:58:54 UTC 2026


Hi maintainers,

I am reporting a heap buffer over-read vulnerability in libmagic
(file-5.17) where the FILE_OPINDIRECT code path in `mget()`
(softmagic.c:1189-1222) dereferences a computed pointer before any bounds
check against `nbytes`, allowing an out-of-bounds heap read when a crafted
magic database is loaded.

Please find the detailed vulnerability report and proof-of-concept files
attached.

Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.astron.com/pipermail/file/attachments/20260401/4614de16/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: POC.tar
Type: application/x-tar
Size: 27136 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20260401/4614de16/attachment-0001.tar>
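
Added example, not part of the original message and not libmagic code: a simplified model of an indirect-offset lookup that validates against `nbytes` before the pointer is formed or read, the ordering the report says is missing from the FILE_OPINDIRECT path. The function names, the `addend` parameter and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: bytes 0..3 hold the little-endian value 8. */
static const unsigned char SAMPLE[12] = {
    0x08, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0x01, 0x02, 0x03, 0x04
};

/* Hypothetical helper: load a little-endian 32-bit value at buf[offset],
 * refusing the read unless all 4 bytes lie inside nbytes.
 * Returns 0 on success, -1 if the read would leave the buffer. */
int load_le32_checked(const unsigned char *buf, size_t nbytes,
                      size_t offset, uint32_t *out)
{
    /* Subtraction form: a huge offset cannot wrap the comparison. */
    if (nbytes < 4 || offset > nbytes - 4)
        return -1;
    const unsigned char *p = buf + offset;   /* formed only after the check */
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* Hypothetical model of an indirect lookup: the value stored at `offset`,
 * plus `addend`, becomes the new offset. Both the load and the resulting
 * offset are validated against nbytes before anything uses them. */
int resolve_indirect(const unsigned char *buf, size_t nbytes,
                     size_t offset, uint32_t addend, size_t *resolved)
{
    uint32_t v;
    if (load_le32_checked(buf, nbytes, offset, &v) != 0)
        return -1;
    uint64_t target = (uint64_t)v + addend;  /* 64-bit sum cannot overflow */
    if (target >= nbytes)
        return -1;
    *resolved = (size_t)target;
    return 0;
}

int main(void)
{
    size_t r = 0;
    printf("in range: %d\n", resolve_indirect(SAMPLE, sizeof SAMPLE, 0, 3, &r));
    printf("past end: %d\n", resolve_indirect(SAMPLE, sizeof SAMPLE, 9, 0, &r));
    return 0;
}
```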

