VDB
ALPINE-CVE-2019-8906
ALPINE-CVE-2019-8906
PUBLISHED
CVSS 4.400000095367432 MEDIUM
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
Risk Scores
CVSS v3.1
4.400000095367432
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.21 | file | 0, 5.35-r0, 5.33-r0 |
| Alpine:v3.20 | file | 5.35-r0, 0, 5.00-r0 |
| Alpine:v3.23 | file | 5.00-r0, 5.35-r0, 5.33-r0 |
| Alpine:v3.16 | file | 5.00-r0, 4.26-r1, 5.35-r0 |
| Alpine:v3.7 | file | 5.19-r1, 0, 4.26-r1 |
| Alpine:v3.10 | file | 5.22-r0, 4.26-r1, 5.09-r0 |
| Alpine:v3.17 | file | 5.31-r0, 5.27-r0, 5.25-r1 |
| Alpine:v3.11 | file | 5.25-r1, 5.35-r0, 5.25-r0 |
| Alpine:v3.12 | file | 4.26-r1, 5.00-r0, 5.03-r0 |
| Alpine:v3.15 | file | 5.26-r0, 5.25-r1, 5.07-r0 |
| Alpine:v3.8 | file | 5.23-r0, 5.03-r0, 5.10-r0 |
| Alpine:v3.13 | file | 5.23-r0, 5.21-r0, 5.20-r0 |
| Alpine:v3.9 | file | 5.09-r0, 5.04-r2, 5.09-r1 |
| Alpine:v3.19 | file | 0, 5.33-r0, 5.32-r0 |
| Alpine:v3.22 | file | 5.04-r2, 5.35-r0, 5.33-r0 |
| Alpine:v3.14 | file | 5.30-r0, 5.09-r0, 0 |
| Alpine:v3.18 | file | 0, 4.26-r1, 5.00-r0 |
Timeline
- Feb 18, 2019 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch