do_core_note in readelf.c in libmagic in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Upstream patch: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b References: https://bugs.astron.com/view.php?id=63 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8905.html
Created file tracking bugs for this issue: Affects: fedora-all [bug 1679182]