cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
{ "vanir_signatures": [ { "id": "CVE-2019-18218-124a6812", "digest": { "length": 4060.0, "function_hash": "141462265533073168588410924988499256220" }, "signature_version": "v1", "target": { "function": "cdf_read_property_info", "file": "src/cdf.c" }, "source": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2019-18218-4601ee86", "digest": { "line_hashes": [ "232348618922950287035341901861972145872", "338533911114036514584387668062207342846", "326674587567267172409291237374634580764", "264564310128975935481162260876263917724", "246134627259958658615817409114321934769", "190950152636129980836088233351599417731", "333926495558274210915114571492543351460", "263999937339594604155784173374512471434", "152715470018542414313236424384854217638", "100274328262298050445601681789737821828", "87563207867777330957918320582015450416", "38824614804368571099286801056625173862", "142503734579567137890548824060177062290" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "src/cdf.c" }, "source": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84", "deprecated": false, "signature_type": "Line" } ] }