Search criteria
13 vulnerabilities found for file by file
VAR-201902-0872
Vulnerability from variot - Updated: 2023-12-18 11:48do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. file 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] file (SSA:2019-054-01)
New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues: For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz
Slackware 14.1 package: 0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz
Slackware 14.2 package: 4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz
Slackware -current package: 039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz
Slackware x86_64 -current package: 20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg file-5.36-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1 Xa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld EIS -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "file",
"scope": "eq",
"trust": 2.1,
"vendor": "file",
"version": "5.35"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.4"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
}
],
"sources": [
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-160341",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8906",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-8906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160341",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. \nfile 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] file (SSA:2019-054-01)\n\nNew file packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. \n Fix out-of-bounds read and denial-of-service security issues:\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz\n\nSlackware x86_64 -current package:\n20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg file-5.36-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1\nXa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld\nEIS\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "PACKETSTORM",
"id": "151829"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8906",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0738",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0860.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1107",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "42787",
"trust": 0.6
},
{
"db": "BID",
"id": "107158",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "151829",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"id": "VAR-201902-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:48:15.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Avoid OOB read (found by ASAN reported by F. Alonso)",
"trust": 0.8,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"title": "file Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89532"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"trust": 2.0,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209599"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209600"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209601"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209602"
},
{
"trust": 1.7,
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8906"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8906"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78294"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209602"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76730"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0860.2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42787"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/file-out-of-bounds-memory-reading-via-do-core-note-28590"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77270"
},
{
"trust": 0.3,
"url": "http://www.darwinsys.com/file/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8906"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2019-02-25T16:56:55",
"db": "PACKETSTORM",
"id": "151829"
},
{
"date": "2019-02-18T17:29:01.033000",
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"date": "2019-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2021-12-09T19:44:07.413000",
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "file Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
}
}
FKIE_CVE-2007-2799
Vulnerability from fkie_nvd - Published: 2007-05-23 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| file | file | 4.2 | |
| sleuth_kit | the_sleuth_kith | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0318EE80-4042-4347-A7AC-818E5419396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sleuth_kit:the_sleuth_kith:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B185CBC3-A4BA-49EC-8115-DDD6F62B4E18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en el programa \"file\" versi\u00f3n 4.20, cuando se ejecuta en sistemas de 32 bits, tal y como es usado en productos que incluyen The Sleuth Kit, podr\u00eda permitir que los atacantes asistidos por el usuario ejecuten c\u00f3digo arbitrario por medio de un archivo largo que activa un desbordamiento que omite una sentencia assert(). NOTA: este problema se debe a un parche incorrecto para CVE-2007-1536."
}
],
"id": "CVE-2007-2799",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-23T21:30:00.000",
"references": [
{
"source": "secteam@freebsd.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "secteam@freebsd.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "secteam@freebsd.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://osvdb.org/38498"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25394"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25544"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25578"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26203"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26294"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26415"
},
{
"source": "secteam@freebsd.org",
"url": "http://secunia.com/advisories/29179"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "secteam@freebsd.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.ubuntu.com/usn/usn-439-2"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"source": "secteam@freebsd.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"source": "secteam@freebsd.org",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"source": "secteam@freebsd.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-439-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
}
],
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1536
Vulnerability from fkie_nvd - Published: 2007-03-20 20:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4B95-1EEE-4EF9-8155-DDC349952C24",
"versionEndIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en la funci\u00f3n file_printf en el programa \"file\" anterior a versi\u00f3n 4.20, permite a los atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2007-1536",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-20T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"source": "cve@mitre.org",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24548"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24592"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24604"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24608"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24616"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24617"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24723"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24754"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25133"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25989"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27307"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27314"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29179"
},
{
"source": "cve@mitre.org",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1304
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8916F2B8-2411-4130-AF9A-2CC4CDFF2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F56B59-6FA2-44D2-B4DC-58E6C30A4ACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0318EE80-4042-4347-A7AC-818E5419396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91A17FDE-1229-4EB8-AF80-D5398C97E05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39AFA1E9-49E9-4BF6-A896-7019A38772C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBDF54B-35C6-47DF-8BA1-39B744381A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42DCEED6-D422-4F8A-9E1F-DF7FE3C9EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89B92B2A-EFD4-47B0-89B0-3B92FB610091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D68C976-064C-468D-8B5F-223F12AE7F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B9038973-BAC7-4F66-AFBB-15F83C61B9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A722FCC2-E952-476E-97A7-D992F047C6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7C8CA5-7BDE-4E7E-A128-31485182E1BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
],
"id": "CVE-2004-1304",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012433"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0102
Vulnerability from fkie_nvd - Published: 2003-03-18 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "345D0583-A534-47DA-917C-82E18A71D661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "40484250-D324-4068-AD46-14F3663E89B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "32774741-CD88-4401-AC2C-BB46F1CCD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE7D6A6-0A24-484A-9D57-1FD7792D8D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "358179A6-57E9-4F26-B4CE-733D34922649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D25DEC28-4531-44A6-B6C5-3B79CEA8D0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "0A079E68-BB58-4FFC-AADE-1BA4B3F1C2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B379D5-30E1-4C54-8D5E-FF6E35C531FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "20A676AE-1534-42EF-8885-3C654A0EEC35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE83984-EBE3-4C6D-8F9F-83D4D076270C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
],
"id": "CVE-2003-0102",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lwn.net/Alerts/34908/"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lwn.net/Alerts/34908/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-2799 (GCVE-0-2007-2799)
Vulnerability from cvelistv5 – Published: 2007-05-23 21:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-2799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1343",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1311",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "http://www.amavis.org/security/asa-2007-3.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"refsource": "OSVDB",
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2007-2799",
"datePublished": "2007-05-23T21:00:00",
"dateReserved": "2007-05-22T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1536 (GCVE-0-2007-1536)
Vulnerability from cvelistv5 – Published: 2007-03-20 20:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27314"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=171452",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24592"
},
{
"name": "https://issues.rpath.com/browse/RPL-1148",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1536",
"datePublished": "2007-03-20T20:00:00",
"dateReserved": "2007-03-20T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1304 (GCVE-0-2004-1304)
Vulnerability from cvelistv5 – Published: 2004-12-22 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2004-0063",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1304",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-21T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0102 (GCVE-0-2003-0102)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/advisory/03.04.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"refsource": "IMMUNIX",
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0102",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-25T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2799 (GCVE-0-2007-2799)
Vulnerability from nvd – Published: 2007-05-23 21:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-2799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1343",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1311",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "http://www.amavis.org/security/asa-2007-3.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"refsource": "OSVDB",
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2007-2799",
"datePublished": "2007-05-23T21:00:00",
"dateReserved": "2007-05-22T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1536 (GCVE-0-2007-1536)
Vulnerability from nvd – Published: 2007-03-20 20:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27314"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=171452",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24592"
},
{
"name": "https://issues.rpath.com/browse/RPL-1148",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1536",
"datePublished": "2007-03-20T20:00:00",
"dateReserved": "2007-03-20T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1304 (GCVE-0-2004-1304)
Vulnerability from nvd – Published: 2004-12-22 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2004-0063",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1304",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-21T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0102 (GCVE-0-2003-0102)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/advisory/03.04.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"refsource": "IMMUNIX",
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0102",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-25T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}