do_bid_note in readelf.c in libmagic in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

Upstream patch:
https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55

References:
https://bugs.astron.com/view.php?id=62
Created file tracking bugs for this issue:

Affects: fedora-all [bug 1679189]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-8904