All the vulnerabilites related to file - file
cve-2004-1304
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trustix.net/errata/2004/0063/ | vendor-advisory, x_refsource_TRUSTIX | |
| http://securitytracker.com/id?1012433 | vdb-entry, x_refsource_SECTRACK | |
| http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/11771 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18368 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2004-0063",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2004-0063",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"name": "1012433",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012433"
},
{
"name": "GLSA-200412-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"name": "11771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11771"
},
{
"name": "file-elf-header-bo(18368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1304",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-21T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1536
Vulnerability from cvelistv5
Published
2007-03-20 20:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27314"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "25393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25393"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "23021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"name": "24616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24616"
},
{
"name": "1017796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"name": "27307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27307"
},
{
"name": "[file] 20070302 file-4.20 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"name": "MDKSA-2007:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"name": "SUSE-SR:2007:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "24723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24723"
},
{
"name": "24754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24754"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "RHSA-2007:0124",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=171452",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"name": "25989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25989"
},
{
"name": "24604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24604"
},
{
"name": "oval:org.mitre.oval:def:10658",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "DSA-1274",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"name": "24617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24617"
},
{
"name": "openbsd-file-bo(36283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"name": "ADV-2007-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"name": "25133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25133"
},
{
"name": "FreeBSD-SA-07:04",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"name": "USN-439-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "VU#606700",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"name": "24608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24608"
},
{
"name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"name": "GLSA-200703-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"name": "GLSA-200710-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"name": "24548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24548"
},
{
"name": "24592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24592"
},
{
"name": "https://issues.rpath.com/browse/RPL-1148",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"name": "SSA:2007-093-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1536",
"datePublished": "2007-03-20T20:00:00",
"dateReserved": "2007-03-20T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0102
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/advisory/03.04.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"refsource": "IMMUNIX",
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0102",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-25T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2799
Vulnerability from cvelistv5
Published
2007-05-23 21:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "DSA-1343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-2799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1343",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1311",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "http://www.amavis.org/security/asa-2007-3.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"refsource": "OSVDB",
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2007-2799",
"datePublished": "2007-05-23T21:00:00",
"dateReserved": "2007-05-22T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-05-23 21:30
Modified
2024-11-21 00:31
Severity ?
Summary
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| file | file | 4.2 | |
| sleuth_kit | the_sleuth_kith | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0318EE80-4042-4347-A7AC-818E5419396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sleuth_kit:the_sleuth_kith:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B185CBC3-A4BA-49EC-8115-DDD6F62B4E18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en el programa \"file\" versi\u00f3n 4.20, cuando se ejecuta en sistemas de 32 bits, tal y como es usado en productos que incluyen The Sleuth Kit, podr\u00eda permitir que los atacantes asistidos por el usuario ejecuten c\u00f3digo arbitrario por medio de un archivo largo que activa un desbordamiento que omite una sentencia assert(). NOTA: este problema se debe a un parche incorrecto para CVE-2007-1536."
}
],
"id": "CVE-2007-2799",
"lastModified": "2024-11-21T00:31:41.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-23T21:30:00.000",
"references": [
{
"source": "secteam@freebsd.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "secteam@freebsd.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "secteam@freebsd.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://osvdb.org/38498"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25394"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25544"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25578"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26203"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26294"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26415"
},
{
"source": "secteam@freebsd.org",
"url": "http://secunia.com/advisories/29179"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "secteam@freebsd.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.ubuntu.com/usn/usn-439-2"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"source": "secteam@freebsd.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"source": "secteam@freebsd.org",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"source": "secteam@freebsd.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-439-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
}
],
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8916F2B8-2411-4130-AF9A-2CC4CDFF2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F56B59-6FA2-44D2-B4DC-58E6C30A4ACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0318EE80-4042-4347-A7AC-818E5419396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91A17FDE-1229-4EB8-AF80-D5398C97E05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39AFA1E9-49E9-4BF6-A896-7019A38772C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBDF54B-35C6-47DF-8BA1-39B744381A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42DCEED6-D422-4F8A-9E1F-DF7FE3C9EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89B92B2A-EFD4-47B0-89B0-3B92FB610091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D68C976-064C-468D-8B5F-223F12AE7F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B9038973-BAC7-4F66-AFBB-15F83C61B9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A722FCC2-E952-476E-97A7-D992F047C6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7C8CA5-7BDE-4E7E-A128-31485182E1BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
}
],
"id": "CVE-2004-1304",
"lastModified": "2024-11-20T23:50:33.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012433"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.net/errata/2004/0063/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-18 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "345D0583-A534-47DA-917C-82E18A71D661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "40484250-D324-4068-AD46-14F3663E89B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "32774741-CD88-4401-AC2C-BB46F1CCD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE7D6A6-0A24-484A-9D57-1FD7792D8D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "358179A6-57E9-4F26-B4CE-733D34922649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D25DEC28-4531-44A6-B6C5-3B79CEA8D0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "0A079E68-BB58-4FFC-AADE-1BA4B3F1C2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B379D5-30E1-4C54-8D5E-FF6E35C531FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "20A676AE-1534-42EF-8885-3C654A0EEC35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE83984-EBE3-4C6D-8F9F-83D4D076270C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
],
"id": "CVE-2003-0102",
"lastModified": "2024-11-20T23:43:57.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lwn.net/Alerts/34908/"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lwn.net/Alerts/34908/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-20 20:19
Modified
2024-11-21 00:28
Severity ?
Summary
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file:file:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4B95-1EEE-4EF9-8155-DDC349952C24",
"versionEndIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en la funci\u00f3n file_printf en el programa \"file\" anterior a versi\u00f3n 4.20, permite a los atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2007-1536",
"lastModified": "2024-11-21T00:28:33.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-20T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"source": "cve@mitre.org",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24548"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24592"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24604"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24608"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24616"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24617"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24723"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24754"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25133"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25989"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27307"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27314"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29179"
},
{
"source": "cve@mitre.org",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mx.gw.com/pipermail/file/2007/000161.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openbsd.org/errata40.html#015_file"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-439-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201902-0872
Vulnerability from variot
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. file 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] file (SSA:2019-054-01)
New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues: For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz
Slackware 14.1 package: 0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz
Slackware 14.2 package: 4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz
Slackware -current package: 039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz
Slackware x86_64 -current package: 20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg file-5.36-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1 Xa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld EIS -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "file",
"scope": "eq",
"trust": 2.1,
"vendor": "file",
"version": "5.35"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.4"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
}
],
"sources": [
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-160341",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-8906",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-8906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160341",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. \nfile 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] file (SSA:2019-054-01)\n\nNew file packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. \n Fix out-of-bounds read and denial-of-service security issues:\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz\n\nSlackware x86_64 -current package:\n20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg file-5.36-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1\nXa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld\nEIS\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "PACKETSTORM",
"id": "151829"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8906",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0738",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0860.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1107",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "42787",
"trust": 0.6
},
{
"db": "BID",
"id": "107158",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "151829",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"id": "VAR-201902-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:48:15.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Avoid OOB read (found by ASAN reported by F. Alonso)",
"trust": 0.8,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"title": "file Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89532"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"trust": 2.0,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209599"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209600"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209601"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209602"
},
{
"trust": 1.7,
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8906"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8906"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78294"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209602"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76730"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0860.2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42787"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/file-out-of-bounds-memory-reading-via-do-core-note-28590"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77270"
},
{
"trust": 0.3,
"url": "http://www.darwinsys.com/file/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8906"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2019-02-25T16:56:55",
"db": "PACKETSTORM",
"id": "151829"
},
{
"date": "2019-02-18T17:29:01.033000",
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"date": "2019-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2021-12-09T19:44:07.413000",
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "file Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
}
}