[File] [SECURITY] Out-of-Bounds Read from Small .mgc File in apprentice.c (file-5.17)

Kerwin kerwinxia66001 at gmail.com
Wed Apr 1 15:20:19 UTC 2026


Hi maintainers,

I am reporting an out-of-bounds read vulnerability in libmagic (file-5.17)
where the minimum `.mgc` file size check in `apprentice_map()`
(apprentice.c:2670) only requires 8 bytes, but the code subsequently reads
`ptr[2]` and `ptr[3]` at offsets 8-15, causing an OOB read or SIGSEGV with
any 8-15 byte `.mgc` file carrying a valid header.

Please find the detailed vulnerability report and proof-of-concept files
attached.

Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.astron.com/pipermail/file/attachments/20260401/2d77320a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: POC.tar
Type: application/x-tar
Size: 25600 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20260401/2d77320a/attachment-0001.tar>
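
The class of check described in the report above, as an added example that is not code from file/libmagic or from the reporter: a header parser whose minimum-size test covers every word it goes on to read. The four-word layout, the `ex_` names and the magic value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not taken from apprentice.c): four 32-bit words.
 * Words 0-1 are the 8-byte header the report mentions; words 2-3 are
 * the values the report says are read as ptr[2] and ptr[3]. */
#define EX_HDR_WORDS 4u
#define EX_HDR_BYTES (EX_HDR_WORDS * sizeof(uint32_t))  /* 16 bytes */
#define EX_MAGIC     0x4D474331u  /* constructed value, not libmagic's */

struct ex_header {
    uint32_t magic;
    uint32_t version;
    uint32_t count[2];  /* the words at byte offsets 8-15 */
};

/* Returns 0 on success, -1 if the buffer cannot hold every word that is
 * read, -2 if the magic word does not match. */
int ex_parse_header(const unsigned char *buf, size_t len, struct ex_header *out)
{
    uint32_t w[EX_HDR_WORDS];

    /* The size check must cover the highest offset read (16 bytes),
     * not only the first two words (8 bytes). */
    if (buf == NULL || out == NULL || len < EX_HDR_BYTES)
        return -1;

    /* memcpy avoids unaligned loads; host byte order is assumed. */
    memcpy(w, buf, sizeof(w));
    if (w[0] != EX_MAGIC)
        return -2;

    out->magic = w[0];
    out->version = w[1];
    out->count[0] = w[2];
    out->count[1] = w[3];
    return 0;
}

/* Parses a constructed sample image truncated to `len` bytes (max 16). */
int ex_check_sample(size_t len)
{
    const uint32_t words[EX_HDR_WORDS] = { EX_MAGIC, 7u, 3u, 5u };
    unsigned char img[EX_HDR_BYTES];
    struct ex_header h;

    memcpy(img, words, sizeof(img));
    return ex_parse_header(img, len > sizeof(img) ? sizeof(img) : len, &h);
}
```

With this check, inputs of 8 to 15 bytes are rejected before any word at offsets 8-15 is touched.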

