Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for file by file

    VAR-201902-0872

    Vulnerability from variot - Updated: 2024-11-23 19:35

    do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. file 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    [slackware-security] file (SSA:2019-054-01)

    New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues: For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: 7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: ca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz

    Slackware 14.2 package: 4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz

    Slackware -current package: 039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz

    Slackware x86_64 -current package: 20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg file-5.36-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

    iEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1 Xa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld EIS -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0872",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "file",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "file",
            "version": "5.35"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.2"
          },
          {
            "model": "tvos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.2"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.10"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.4"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "5.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:file_project:file",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "vendor",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-8906",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-8906",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-8906",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-160341",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-8906",
                "impactScore": 2.5,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-8906",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-8906",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-8906",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201902-710",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160341",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. \nfile 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  file (SSA:2019-054-01)\n\nNew file packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/file-5.36-i586-1_slack14.2.txz:  Upgraded. \n  Fix out-of-bounds read and denial-of-service security issues:\n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd774a800d99acb0ad52f312ed83a072f  file-5.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7be0a75f9f31f23b9c38b7ebf0192961  file-5.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n0ec7575d2786bb8c8abe7b568cab262f  file-5.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nca23033d9beedda72c0793b796ad10b2  file-5.36-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4dfa9268d6415052d99681543a884227  file-5.36-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n2e26d570e7b3c957155905b9150b1af0  file-5.36-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n039ec7588178a2026e77bd96d2c98552  a/file-5.36-i586-1.txz\n\nSlackware x86_64 -current package:\n20d07d173c3a2314eabe27620f662195  a/file-5.36-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg file-5.36-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1\nXa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld\nEIS\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "BID",
            "id": "107158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "PACKETSTORM",
            "id": "151829"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-8906",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0738",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0860.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1107",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "42787",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "107158",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "151829",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-160341",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "BID",
            "id": "107158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "PACKETSTORM",
            "id": "151829"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "id": "VAR-201902-0872",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T19:35:57.205000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Avoid OOB read (found by ASAN reported by F. Alonso)",
            "trust": 0.8,
            "url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
          },
          {
            "title": "file Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89532"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://usn.ubuntu.com/3911-1/"
          },
          {
            "trust": 2.0,
            "url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht209599"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht209600"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht209601"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht209602"
          },
          {
            "trust": 1.7,
            "url": "https://bugs.astron.com/view.php?id=64"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8906"
          },
          {
            "trust": 0.9,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8906"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/78294"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht209602"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht209600"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/76730"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.0860.2/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/42787"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/file-out-of-bounds-memory-reading-via-do-core-note-28590"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/77270"
          },
          {
            "trust": 0.3,
            "url": "http://www.darwinsys.com/file/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-8906"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8907"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8907"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "BID",
            "id": "107158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "PACKETSTORM",
            "id": "151829"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "db": "BID",
            "id": "107158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "db": "PACKETSTORM",
            "id": "151829"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "date": "2019-01-03T00:00:00",
            "db": "BID",
            "id": "107158"
          },
          {
            "date": "2019-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "date": "2019-02-25T16:56:55",
            "db": "PACKETSTORM",
            "id": "151829"
          },
          {
            "date": "2019-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "date": "2019-02-18T17:29:01.033000",
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160341"
          },
          {
            "date": "2019-01-03T00:00:00",
            "db": "BID",
            "id": "107158"
          },
          {
            "date": "2019-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          },
          {
            "date": "2021-12-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          },
          {
            "date": "2024-11-21T04:50:38.213000",
            "db": "NVD",
            "id": "CVE-2019-8906"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "file Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001781"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-710"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2007-2799 (GCVE-0-2007-2799)

    Vulnerability from nvd – Published: 2007-05-23 21:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2007/dsa-1343 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/29179 third-party-advisoryx_refsource_SECUNIA
    http://www.trustix.org/errata/2007/0024/ vendor-advisoryx_refsource_TRUSTIX
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://secunia.com/advisories/26415 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0924… vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018140 vdb-entryx_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    https://issues.rpath.com/browse/RPL-1311 x_refsource_CONFIRM
    http://secunia.com/advisories/25931 third-party-advisoryx_refsource_SECUNIA
    http://www.amavis.org/security/asa-2007-3.txt x_refsource_CONFIRM
    http://secunia.com/advisories/25544 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29420 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2007-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/25578 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/archive/1/469520/30/… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2071 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/25394 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://docs.info.apple.com/article.html?artnum=307562 x_refsource_CONFIRM
    http://secunia.com/advisories/26294 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26203 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/24146 vdb-entryx_refsource_BID
    http://osvdb.org/38498 vdb-entryx_refsource_OSVDB
    http://www.ubuntu.com/usn/usn-439-2 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2007-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.399Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-1343",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1343"
              },
              {
                "name": "29179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29179"
              },
              {
                "name": "2007-0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2007/0024/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
              },
              {
                "name": "26415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26415"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
              },
              {
                "name": "ADV-2008-0924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0924/references"
              },
              {
                "name": "1018140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018140"
              },
              {
                "name": "SUSE-SA:2007:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1311"
              },
              {
                "name": "25931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.amavis.org/security/asa-2007-3.txt"
              },
              {
                "name": "25544",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25544"
              },
              {
                "name": "29420",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29420"
              },
              {
                "name": "MDKSA-2007:114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
              },
              {
                "name": "RHSA-2007:0391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
              },
              {
                "name": "25578",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25578"
              },
              {
                "name": "APPLE-SA-2008-03-18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
              },
              {
                "name": "20070524 FLEA-2007-0022-1: file",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
              },
              {
                "name": "file-assert-code-execution(34731)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
              },
              {
                "name": "ADV-2007-2071",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2071"
              },
              {
                "name": "25394",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25394"
              },
              {
                "name": "NetBSD-SA2008-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307562"
              },
              {
                "name": "26294",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26294"
              },
              {
                "name": "26203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26203"
              },
              {
                "name": "GLSA-200705-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:11012",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
              },
              {
                "name": "24146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24146"
              },
              {
                "name": "38498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38498"
              },
              {
                "name": "USN-439-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-439-2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement.  NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
            "shortName": "freebsd"
          },
          "references": [
            {
              "name": "DSA-1343",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1343"
            },
            {
              "name": "29179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29179"
            },
            {
              "name": "2007-0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
            },
            {
              "name": "26415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
            },
            {
              "name": "ADV-2008-0924",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "1018140",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018140"
            },
            {
              "name": "SUSE-SA:2007:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1311"
            },
            {
              "name": "25931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.amavis.org/security/asa-2007-3.txt"
            },
            {
              "name": "25544",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25544"
            },
            {
              "name": "29420",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "MDKSA-2007:114",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
            },
            {
              "name": "RHSA-2007:0391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
            },
            {
              "name": "25578",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25578"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "20070524 FLEA-2007-0022-1: file",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
            },
            {
              "name": "file-assert-code-execution(34731)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
            },
            {
              "name": "ADV-2007-2071",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2071"
            },
            {
              "name": "25394",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25394"
            },
            {
              "name": "NetBSD-SA2008-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "26294",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26294"
            },
            {
              "name": "26203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26203"
            },
            {
              "name": "GLSA-200705-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:11012",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
            },
            {
              "name": "24146",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24146"
            },
            {
              "name": "38498",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38498"
            },
            {
              "name": "USN-439-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-439-2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secteam@freebsd.org",
              "ID": "CVE-2007-2799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement.  NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-1343",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1343"
                },
                {
                  "name": "29179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29179"
                },
                {
                  "name": "2007-0024",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2007/0024/"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
                },
                {
                  "name": "26415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26415"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
                },
                {
                  "name": "ADV-2008-0924",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0924/references"
                },
                {
                  "name": "1018140",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018140"
                },
                {
                  "name": "SUSE-SA:2007:040",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1311",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1311"
                },
                {
                  "name": "25931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25931"
                },
                {
                  "name": "http://www.amavis.org/security/asa-2007-3.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.amavis.org/security/asa-2007-3.txt"
                },
                {
                  "name": "25544",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25544"
                },
                {
                  "name": "29420",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29420"
                },
                {
                  "name": "MDKSA-2007:114",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
                },
                {
                  "name": "RHSA-2007:0391",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
                },
                {
                  "name": "25578",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25578"
                },
                {
                  "name": "APPLE-SA-2008-03-18",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
                },
                {
                  "name": "20070524 FLEA-2007-0022-1: file",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
                },
                {
                  "name": "file-assert-code-execution(34731)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
                },
                {
                  "name": "ADV-2007-2071",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2071"
                },
                {
                  "name": "25394",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25394"
                },
                {
                  "name": "NetBSD-SA2008-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=307562",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=307562"
                },
                {
                  "name": "26294",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26294"
                },
                {
                  "name": "26203",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26203"
                },
                {
                  "name": "GLSA-200705-25",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:11012",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
                },
                {
                  "name": "24146",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24146"
                },
                {
                  "name": "38498",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38498"
                },
                {
                  "name": "USN-439-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-439-2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "assignerShortName": "freebsd",
        "cveId": "CVE-2007-2799",
        "datePublished": "2007-05-23T21:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1536 (GCVE-0-2007-1536)

    Vulnerability from nvd – Published: 2007-03-20 20:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27314 third-party-advisoryx_refsource_SECUNIA
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://secunia.com/advisories/25393 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29179 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23021 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24616 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017796 vdb-entryx_refsource_SECTRACK
    http://openbsd.org/errata40.html#015_file vendor-advisoryx_refsource_OPENBSD
    http://secunia.com/advisories/27307 third-party-advisoryx_refsource_SECUNIA
    http://mx.gw.com/pipermail/file/2007/000161.html mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/477950/100… mailing-listx_refsource_BUGTRAQ
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/24723 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24754 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/25402 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    https://bugs.gentoo.org/show_bug.cgi?id=171452 x_refsource_CONFIRM
    http://secunia.com/advisories/25989 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24604 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/25931 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2007/dsa-1274 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/24617 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1040 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/25133 third-party-advisoryx_refsource_SECUNIA
    http://security.freebsd.org/advisories/FreeBSD-SA… vendor-advisoryx_refsource_FREEBSD
    http://www.ubuntu.com/usn/usn-439-1 vendor-advisoryx_refsource_UBUNTU
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.kb.cert.org/vuls/id/606700 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/24608 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/477861/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200703-26.xml vendor-advisoryx_refsource_GENTOO
    http://security.gentoo.org/glsa/glsa-200710-19.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24548 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24592 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1148 x_refsource_CONFIRM
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    Date Public
    2007-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27314",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "25393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25393"
              },
              {
                "name": "29179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29179"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "23021",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23021"
              },
              {
                "name": "24616",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24616"
              },
              {
                "name": "1017796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017796"
              },
              {
                "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://openbsd.org/errata40.html#015_file"
              },
              {
                "name": "27307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27307"
              },
              {
                "name": "[file] 20070302 file-4.20 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
              },
              {
                "name": "MDKSA-2007:067",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
              },
              {
                "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
              },
              {
                "name": "SUSE-SR:2007:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
              },
              {
                "name": "24723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24723"
              },
              {
                "name": "24754",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24754"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "RHSA-2007:0124",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
              },
              {
                "name": "25989",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25989"
              },
              {
                "name": "24604",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24604"
              },
              {
                "name": "oval:org.mitre.oval:def:10658",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
              },
              {
                "name": "SUSE-SA:2007:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
              },
              {
                "name": "25931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25931"
              },
              {
                "name": "DSA-1274",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1274"
              },
              {
                "name": "24617",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24617"
              },
              {
                "name": "openbsd-file-bo(36283)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
              },
              {
                "name": "ADV-2007-1040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
              },
              {
                "name": "25133",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25133"
              },
              {
                "name": "FreeBSD-SA-07:04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
              },
              {
                "name": "USN-439-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-439-1"
              },
              {
                "name": "NetBSD-SA2008-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
              },
              {
                "name": "VU#606700",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/606700"
              },
              {
                "name": "24608",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24608"
              },
              {
                "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
              },
              {
                "name": "GLSA-200703-26",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
              },
              {
                "name": "GLSA-200710-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
              },
              {
                "name": "24548",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24548"
              },
              {
                "name": "24592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1148"
              },
              {
                "name": "SSA:2007-093-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27314",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "25393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25393"
            },
            {
              "name": "29179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29179"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "23021",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23021"
            },
            {
              "name": "24616",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24616"
            },
            {
              "name": "1017796",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017796"
            },
            {
              "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://openbsd.org/errata40.html#015_file"
            },
            {
              "name": "27307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27307"
            },
            {
              "name": "[file] 20070302 file-4.20 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
            },
            {
              "name": "MDKSA-2007:067",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
            },
            {
              "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2007:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
            },
            {
              "name": "24723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24723"
            },
            {
              "name": "24754",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24754"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "RHSA-2007:0124",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
            },
            {
              "name": "25989",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25989"
            },
            {
              "name": "24604",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24604"
            },
            {
              "name": "oval:org.mitre.oval:def:10658",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
            },
            {
              "name": "SUSE-SA:2007:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
            },
            {
              "name": "25931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25931"
            },
            {
              "name": "DSA-1274",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1274"
            },
            {
              "name": "24617",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24617"
            },
            {
              "name": "openbsd-file-bo(36283)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
            },
            {
              "name": "ADV-2007-1040",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
            },
            {
              "name": "25133",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25133"
            },
            {
              "name": "FreeBSD-SA-07:04",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
            },
            {
              "name": "USN-439-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-439-1"
            },
            {
              "name": "NetBSD-SA2008-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
            },
            {
              "name": "VU#606700",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/606700"
            },
            {
              "name": "24608",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24608"
            },
            {
              "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
            },
            {
              "name": "GLSA-200703-26",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
            },
            {
              "name": "GLSA-200710-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
            },
            {
              "name": "24548",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24548"
            },
            {
              "name": "24592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1148"
            },
            {
              "name": "SSA:2007-093-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27314",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27314"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=305530",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=305530"
                },
                {
                  "name": "25393",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25393"
                },
                {
                  "name": "29179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29179"
                },
                {
                  "name": "ADV-2007-1939",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1939"
                },
                {
                  "name": "23021",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23021"
                },
                {
                  "name": "24616",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24616"
                },
                {
                  "name": "1017796",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017796"
                },
                {
                  "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://openbsd.org/errata40.html#015_file"
                },
                {
                  "name": "27307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27307"
                },
                {
                  "name": "[file] 20070302 file-4.20 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
                },
                {
                  "name": "MDKSA-2007:067",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
                },
                {
                  "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
                },
                {
                  "name": "SUSE-SR:2007:005",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
                },
                {
                  "name": "24723",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24723"
                },
                {
                  "name": "24754",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24754"
                },
                {
                  "name": "APPLE-SA-2007-05-24",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
                },
                {
                  "name": "25402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25402"
                },
                {
                  "name": "RHSA-2007:0124",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=171452",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
                },
                {
                  "name": "25989",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25989"
                },
                {
                  "name": "24604",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24604"
                },
                {
                  "name": "oval:org.mitre.oval:def:10658",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
                },
                {
                  "name": "SUSE-SA:2007:040",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
                },
                {
                  "name": "25931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25931"
                },
                {
                  "name": "DSA-1274",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1274"
                },
                {
                  "name": "24617",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24617"
                },
                {
                  "name": "openbsd-file-bo(36283)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
                },
                {
                  "name": "ADV-2007-1040",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1040"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
                },
                {
                  "name": "25133",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25133"
                },
                {
                  "name": "FreeBSD-SA-07:04",
                  "refsource": "FREEBSD",
                  "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
                },
                {
                  "name": "USN-439-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-439-1"
                },
                {
                  "name": "NetBSD-SA2008-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
                },
                {
                  "name": "VU#606700",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/606700"
                },
                {
                  "name": "24608",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24608"
                },
                {
                  "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
                },
                {
                  "name": "GLSA-200703-26",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
                },
                {
                  "name": "GLSA-200710-19",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
                },
                {
                  "name": "24548",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24548"
                },
                {
                  "name": "24592",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24592"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1148",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1148"
                },
                {
                  "name": "SSA:2007-093-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1536",
        "datePublished": "2007-03-20T20:00:00.000Z",
        "dateReserved": "2007-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1304 (GCVE-0-2004-1304)

    Vulnerability from nvd – Published: 2004-12-22 05:00 – Updated: 2024-08-08 00:46
    VLAI
    Summary
    Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.trustix.net/errata/2004/0063/ vendor-advisoryx_refsource_TRUSTIX
    http://securitytracker.com/id?1012433 vdb-entryx_refsource_SECTRACK
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/11771 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:46:12.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2004-0063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.net/errata/2004/0063/"
              },
              {
                "name": "1012433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012433"
              },
              {
                "name": "GLSA-200412-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
              },
              {
                "name": "11771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11771"
              },
              {
                "name": "file-elf-header-bo(18368)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2004-0063",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.net/errata/2004/0063/"
            },
            {
              "name": "1012433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012433"
            },
            {
              "name": "GLSA-200412-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
            },
            {
              "name": "11771",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11771"
            },
            {
              "name": "file-elf-header-bo(18368)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2004-0063",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.net/errata/2004/0063/"
                },
                {
                  "name": "1012433",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012433"
                },
                {
                  "name": "GLSA-200412-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
                },
                {
                  "name": "11771",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11771"
                },
                {
                  "name": "file-elf-header-bo(18368)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1304",
        "datePublished": "2004-12-22T05:00:00.000Z",
        "dateReserved": "2004-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:46:12.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0102 (GCVE-0-2003-0102)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/advisory/03.04.03.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.redhat.com/support/errata/RHSA-2003-087.html vendor-advisoryx_refsource_REDHAT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/7008 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104680706201721&w=2 mailing-listx_refsource_BUGTRAQ
    http://lwn.net/Alerts/34908/ vendor-advisoryx_refsource_IMMUNIX
    http://www.redhat.com/support/errata/RHSA-2003-086.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2003/dsa-260 vendor-advisoryx_refsource_DEBIAN
    http://www.kb.cert.org/vuls/id/611865 third-party-advisoryx_refsource_CERT-VN
    http://www.mandrakesoft.com/security/advisories?n… vendor-advisoryx_refsource_MANDRAKE
    Date Public
    2003-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/advisory/03.04.03.txt"
              },
              {
                "name": "file-afctr-read-bo(11469)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
              },
              {
                "name": "NetBSD-SA2003-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
              },
              {
                "name": "RHSA-2003:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
              },
              {
                "name": "SuSE-SA:2003:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
              },
              {
                "name": "7008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7008"
              },
              {
                "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
              },
              {
                "name": "IMNX-2003-7+-012-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://lwn.net/Alerts/34908/"
              },
              {
                "name": "RHSA-2003:086",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
              },
              {
                "name": "DSA-260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-260"
              },
              {
                "name": "VU#611865",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/611865"
              },
              {
                "name": "MDKSA-2003:030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-29T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.idefense.com/advisory/03.04.03.txt"
            },
            {
              "name": "file-afctr-read-bo(11469)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
            },
            {
              "name": "NetBSD-SA2003-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
            },
            {
              "name": "RHSA-2003:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
            },
            {
              "name": "SuSE-SA:2003:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
            },
            {
              "name": "7008",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7008"
            },
            {
              "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
            },
            {
              "name": "IMNX-2003-7+-012-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://lwn.net/Alerts/34908/"
            },
            {
              "name": "RHSA-2003:086",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
            },
            {
              "name": "DSA-260",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-260"
            },
            {
              "name": "VU#611865",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/611865"
            },
            {
              "name": "MDKSA-2003:030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.idefense.com/advisory/03.04.03.txt",
                  "refsource": "MISC",
                  "url": "http://www.idefense.com/advisory/03.04.03.txt"
                },
                {
                  "name": "file-afctr-read-bo(11469)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
                },
                {
                  "name": "NetBSD-SA2003-003",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
                },
                {
                  "name": "RHSA-2003:087",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
                },
                {
                  "name": "SuSE-SA:2003:017",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
                },
                {
                  "name": "7008",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7008"
                },
                {
                  "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
                },
                {
                  "name": "IMNX-2003-7+-012-01",
                  "refsource": "IMMUNIX",
                  "url": "http://lwn.net/Alerts/34908/"
                },
                {
                  "name": "RHSA-2003:086",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
                },
                {
                  "name": "DSA-260",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-260"
                },
                {
                  "name": "VU#611865",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/611865"
                },
                {
                  "name": "MDKSA-2003:030",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0102",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2799 (GCVE-0-2007-2799)

    Vulnerability from cvelistv5 – Published: 2007-05-23 21:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2007/dsa-1343 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/29179 third-party-advisoryx_refsource_SECUNIA
    http://www.trustix.org/errata/2007/0024/ vendor-advisoryx_refsource_TRUSTIX
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://secunia.com/advisories/26415 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0924… vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018140 vdb-entryx_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    https://issues.rpath.com/browse/RPL-1311 x_refsource_CONFIRM
    http://secunia.com/advisories/25931 third-party-advisoryx_refsource_SECUNIA
    http://www.amavis.org/security/asa-2007-3.txt x_refsource_CONFIRM
    http://secunia.com/advisories/25544 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29420 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2007-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/25578 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/archive/1/469520/30/… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2071 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/25394 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://docs.info.apple.com/article.html?artnum=307562 x_refsource_CONFIRM
    http://secunia.com/advisories/26294 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26203 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/24146 vdb-entryx_refsource_BID
    http://osvdb.org/38498 vdb-entryx_refsource_OSVDB
    http://www.ubuntu.com/usn/usn-439-2 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2007-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.399Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-1343",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1343"
              },
              {
                "name": "29179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29179"
              },
              {
                "name": "2007-0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2007/0024/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
              },
              {
                "name": "26415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26415"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
              },
              {
                "name": "ADV-2008-0924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0924/references"
              },
              {
                "name": "1018140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018140"
              },
              {
                "name": "SUSE-SA:2007:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1311"
              },
              {
                "name": "25931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.amavis.org/security/asa-2007-3.txt"
              },
              {
                "name": "25544",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25544"
              },
              {
                "name": "29420",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29420"
              },
              {
                "name": "MDKSA-2007:114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
              },
              {
                "name": "RHSA-2007:0391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
              },
              {
                "name": "25578",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25578"
              },
              {
                "name": "APPLE-SA-2008-03-18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
              },
              {
                "name": "20070524 FLEA-2007-0022-1: file",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
              },
              {
                "name": "file-assert-code-execution(34731)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
              },
              {
                "name": "ADV-2007-2071",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2071"
              },
              {
                "name": "25394",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25394"
              },
              {
                "name": "NetBSD-SA2008-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=307562"
              },
              {
                "name": "26294",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26294"
              },
              {
                "name": "26203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26203"
              },
              {
                "name": "GLSA-200705-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:11012",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
              },
              {
                "name": "24146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24146"
              },
              {
                "name": "38498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38498"
              },
              {
                "name": "USN-439-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-439-2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement.  NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
            "shortName": "freebsd"
          },
          "references": [
            {
              "name": "DSA-1343",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1343"
            },
            {
              "name": "29179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29179"
            },
            {
              "name": "2007-0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
            },
            {
              "name": "26415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
            },
            {
              "name": "ADV-2008-0924",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "1018140",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018140"
            },
            {
              "name": "SUSE-SA:2007:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1311"
            },
            {
              "name": "25931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.amavis.org/security/asa-2007-3.txt"
            },
            {
              "name": "25544",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25544"
            },
            {
              "name": "29420",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "MDKSA-2007:114",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
            },
            {
              "name": "RHSA-2007:0391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
            },
            {
              "name": "25578",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25578"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "20070524 FLEA-2007-0022-1: file",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
            },
            {
              "name": "file-assert-code-execution(34731)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
            },
            {
              "name": "ADV-2007-2071",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2071"
            },
            {
              "name": "25394",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25394"
            },
            {
              "name": "NetBSD-SA2008-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "26294",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26294"
            },
            {
              "name": "26203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26203"
            },
            {
              "name": "GLSA-200705-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:11012",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
            },
            {
              "name": "24146",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24146"
            },
            {
              "name": "38498",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38498"
            },
            {
              "name": "USN-439-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-439-2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secteam@freebsd.org",
              "ID": "CVE-2007-2799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement.  NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-1343",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1343"
                },
                {
                  "name": "29179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29179"
                },
                {
                  "name": "2007-0024",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2007/0024/"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
                },
                {
                  "name": "26415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26415"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
                },
                {
                  "name": "ADV-2008-0924",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0924/references"
                },
                {
                  "name": "1018140",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018140"
                },
                {
                  "name": "SUSE-SA:2007:040",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1311",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1311"
                },
                {
                  "name": "25931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25931"
                },
                {
                  "name": "http://www.amavis.org/security/asa-2007-3.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.amavis.org/security/asa-2007-3.txt"
                },
                {
                  "name": "25544",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25544"
                },
                {
                  "name": "29420",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29420"
                },
                {
                  "name": "MDKSA-2007:114",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
                },
                {
                  "name": "RHSA-2007:0391",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
                },
                {
                  "name": "25578",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25578"
                },
                {
                  "name": "APPLE-SA-2008-03-18",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
                },
                {
                  "name": "20070524 FLEA-2007-0022-1: file",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
                },
                {
                  "name": "file-assert-code-execution(34731)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
                },
                {
                  "name": "ADV-2007-2071",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2071"
                },
                {
                  "name": "25394",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25394"
                },
                {
                  "name": "NetBSD-SA2008-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=307562",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=307562"
                },
                {
                  "name": "26294",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26294"
                },
                {
                  "name": "26203",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26203"
                },
                {
                  "name": "GLSA-200705-25",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:11012",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
                },
                {
                  "name": "24146",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24146"
                },
                {
                  "name": "38498",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38498"
                },
                {
                  "name": "USN-439-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-439-2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "assignerShortName": "freebsd",
        "cveId": "CVE-2007-2799",
        "datePublished": "2007-05-23T21:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1536 (GCVE-0-2007-1536)

    Vulnerability from cvelistv5 – Published: 2007-03-20 20:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27314 third-party-advisoryx_refsource_SECUNIA
    http://docs.info.apple.com/article.html?artnum=305530 x_refsource_CONFIRM
    http://secunia.com/advisories/25393 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29179 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1939 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23021 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24616 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017796 vdb-entryx_refsource_SECTRACK
    http://openbsd.org/errata40.html#015_file vendor-advisoryx_refsource_OPENBSD
    http://secunia.com/advisories/27307 third-party-advisoryx_refsource_SECUNIA
    http://mx.gw.com/pipermail/file/2007/000161.html mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/477950/100… mailing-listx_refsource_BUGTRAQ
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/24723 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24754 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/25402 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    https://bugs.gentoo.org/show_bug.cgi?id=171452 x_refsource_CONFIRM
    http://secunia.com/advisories/25989 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24604 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/25931 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2007/dsa-1274 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/24617 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1040 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/25133 third-party-advisoryx_refsource_SECUNIA
    http://security.freebsd.org/advisories/FreeBSD-SA… vendor-advisoryx_refsource_FREEBSD
    http://www.ubuntu.com/usn/usn-439-1 vendor-advisoryx_refsource_UBUNTU
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.kb.cert.org/vuls/id/606700 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/24608 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/477861/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200703-26.xml vendor-advisoryx_refsource_GENTOO
    http://security.gentoo.org/glsa/glsa-200710-19.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24548 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24592 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1148 x_refsource_CONFIRM
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    Date Public
    2007-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27314",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=305530"
              },
              {
                "name": "25393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25393"
              },
              {
                "name": "29179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29179"
              },
              {
                "name": "ADV-2007-1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1939"
              },
              {
                "name": "23021",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23021"
              },
              {
                "name": "24616",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24616"
              },
              {
                "name": "1017796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017796"
              },
              {
                "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://openbsd.org/errata40.html#015_file"
              },
              {
                "name": "27307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27307"
              },
              {
                "name": "[file] 20070302 file-4.20 is now available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
              },
              {
                "name": "MDKSA-2007:067",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
              },
              {
                "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
              },
              {
                "name": "SUSE-SR:2007:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
              },
              {
                "name": "24723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24723"
              },
              {
                "name": "24754",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24754"
              },
              {
                "name": "APPLE-SA-2007-05-24",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
              },
              {
                "name": "25402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25402"
              },
              {
                "name": "RHSA-2007:0124",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
              },
              {
                "name": "25989",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25989"
              },
              {
                "name": "24604",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24604"
              },
              {
                "name": "oval:org.mitre.oval:def:10658",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
              },
              {
                "name": "SUSE-SA:2007:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
              },
              {
                "name": "25931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25931"
              },
              {
                "name": "DSA-1274",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1274"
              },
              {
                "name": "24617",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24617"
              },
              {
                "name": "openbsd-file-bo(36283)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
              },
              {
                "name": "ADV-2007-1040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
              },
              {
                "name": "25133",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25133"
              },
              {
                "name": "FreeBSD-SA-07:04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
              },
              {
                "name": "USN-439-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-439-1"
              },
              {
                "name": "NetBSD-SA2008-001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
              },
              {
                "name": "VU#606700",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/606700"
              },
              {
                "name": "24608",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24608"
              },
              {
                "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
              },
              {
                "name": "GLSA-200703-26",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
              },
              {
                "name": "GLSA-200710-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
              },
              {
                "name": "24548",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24548"
              },
              {
                "name": "24592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1148"
              },
              {
                "name": "SSA:2007-093-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27314",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305530"
            },
            {
              "name": "25393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25393"
            },
            {
              "name": "29179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29179"
            },
            {
              "name": "ADV-2007-1939",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1939"
            },
            {
              "name": "23021",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23021"
            },
            {
              "name": "24616",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24616"
            },
            {
              "name": "1017796",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017796"
            },
            {
              "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://openbsd.org/errata40.html#015_file"
            },
            {
              "name": "27307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27307"
            },
            {
              "name": "[file] 20070302 file-4.20 is now available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
            },
            {
              "name": "MDKSA-2007:067",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
            },
            {
              "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2007:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
            },
            {
              "name": "24723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24723"
            },
            {
              "name": "24754",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24754"
            },
            {
              "name": "APPLE-SA-2007-05-24",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
            },
            {
              "name": "25402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25402"
            },
            {
              "name": "RHSA-2007:0124",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
            },
            {
              "name": "25989",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25989"
            },
            {
              "name": "24604",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24604"
            },
            {
              "name": "oval:org.mitre.oval:def:10658",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
            },
            {
              "name": "SUSE-SA:2007:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
            },
            {
              "name": "25931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25931"
            },
            {
              "name": "DSA-1274",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1274"
            },
            {
              "name": "24617",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24617"
            },
            {
              "name": "openbsd-file-bo(36283)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
            },
            {
              "name": "ADV-2007-1040",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
            },
            {
              "name": "25133",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25133"
            },
            {
              "name": "FreeBSD-SA-07:04",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
            },
            {
              "name": "USN-439-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-439-1"
            },
            {
              "name": "NetBSD-SA2008-001",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
            },
            {
              "name": "VU#606700",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/606700"
            },
            {
              "name": "24608",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24608"
            },
            {
              "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
            },
            {
              "name": "GLSA-200703-26",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
            },
            {
              "name": "GLSA-200710-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
            },
            {
              "name": "24548",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24548"
            },
            {
              "name": "24592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1148"
            },
            {
              "name": "SSA:2007-093-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27314",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27314"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=305530",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=305530"
                },
                {
                  "name": "25393",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25393"
                },
                {
                  "name": "29179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29179"
                },
                {
                  "name": "ADV-2007-1939",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1939"
                },
                {
                  "name": "23021",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23021"
                },
                {
                  "name": "24616",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24616"
                },
                {
                  "name": "1017796",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017796"
                },
                {
                  "name": "[4.0] 20070709 015: SECURITY FIX: July 9, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://openbsd.org/errata40.html#015_file"
                },
                {
                  "name": "27307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27307"
                },
                {
                  "name": "[file] 20070302 file-4.20 is now available",
                  "refsource": "MLIST",
                  "url": "http://mx.gw.com/pipermail/file/2007/000161.html"
                },
                {
                  "name": "MDKSA-2007:067",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:067"
                },
                {
                  "name": "20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477950/100/0/threaded"
                },
                {
                  "name": "SUSE-SR:2007:005",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
                },
                {
                  "name": "24723",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24723"
                },
                {
                  "name": "24754",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24754"
                },
                {
                  "name": "APPLE-SA-2007-05-24",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
                },
                {
                  "name": "25402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25402"
                },
                {
                  "name": "RHSA-2007:0124",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0124.html"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=171452",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=171452"
                },
                {
                  "name": "25989",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25989"
                },
                {
                  "name": "24604",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24604"
                },
                {
                  "name": "oval:org.mitre.oval:def:10658",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658"
                },
                {
                  "name": "SUSE-SA:2007:040",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
                },
                {
                  "name": "25931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25931"
                },
                {
                  "name": "DSA-1274",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1274"
                },
                {
                  "name": "24617",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24617"
                },
                {
                  "name": "openbsd-file-bo(36283)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36283"
                },
                {
                  "name": "ADV-2007-1040",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1040"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm"
                },
                {
                  "name": "25133",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25133"
                },
                {
                  "name": "FreeBSD-SA-07:04",
                  "refsource": "FREEBSD",
                  "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc"
                },
                {
                  "name": "USN-439-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-439-1"
                },
                {
                  "name": "NetBSD-SA2008-001",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
                },
                {
                  "name": "VU#606700",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/606700"
                },
                {
                  "name": "24608",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24608"
                },
                {
                  "name": "20070825 OpenBSD 4.1 - Heap overflow vulnerabillity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477861/100/0/threaded"
                },
                {
                  "name": "GLSA-200703-26",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-26.xml"
                },
                {
                  "name": "GLSA-200710-19",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200710-19.xml"
                },
                {
                  "name": "24548",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24548"
                },
                {
                  "name": "24592",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24592"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1148",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1148"
                },
                {
                  "name": "SSA:2007-093-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.512926"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1536",
        "datePublished": "2007-03-20T20:00:00.000Z",
        "dateReserved": "2007-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1304 (GCVE-0-2004-1304)

    Vulnerability from cvelistv5 – Published: 2004-12-22 05:00 – Updated: 2024-08-08 00:46
    VLAI
    Summary
    Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.trustix.net/errata/2004/0063/ vendor-advisoryx_refsource_TRUSTIX
    http://securitytracker.com/id?1012433 vdb-entryx_refsource_SECTRACK
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/11771 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:46:12.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2004-0063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.net/errata/2004/0063/"
              },
              {
                "name": "1012433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012433"
              },
              {
                "name": "GLSA-200412-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
              },
              {
                "name": "11771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11771"
              },
              {
                "name": "file-elf-header-bo(18368)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2004-0063",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.net/errata/2004/0063/"
            },
            {
              "name": "1012433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012433"
            },
            {
              "name": "GLSA-200412-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
            },
            {
              "name": "11771",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11771"
            },
            {
              "name": "file-elf-header-bo(18368)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2004-0063",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.net/errata/2004/0063/"
                },
                {
                  "name": "1012433",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012433"
                },
                {
                  "name": "GLSA-200412-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml"
                },
                {
                  "name": "11771",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11771"
                },
                {
                  "name": "file-elf-header-bo(18368)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18368"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1304",
        "datePublished": "2004-12-22T05:00:00.000Z",
        "dateReserved": "2004-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:46:12.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0102 (GCVE-0-2003-0102)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/advisory/03.04.03.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.redhat.com/support/errata/RHSA-2003-087.html vendor-advisoryx_refsource_REDHAT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/7008 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104680706201721&w=2 mailing-listx_refsource_BUGTRAQ
    http://lwn.net/Alerts/34908/ vendor-advisoryx_refsource_IMMUNIX
    http://www.redhat.com/support/errata/RHSA-2003-086.html vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2003/dsa-260 vendor-advisoryx_refsource_DEBIAN
    http://www.kb.cert.org/vuls/id/611865 third-party-advisoryx_refsource_CERT-VN
    http://www.mandrakesoft.com/security/advisories?n… vendor-advisoryx_refsource_MANDRAKE
    Date Public
    2003-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/advisory/03.04.03.txt"
              },
              {
                "name": "file-afctr-read-bo(11469)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
              },
              {
                "name": "NetBSD-SA2003-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
              },
              {
                "name": "RHSA-2003:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
              },
              {
                "name": "SuSE-SA:2003:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
              },
              {
                "name": "7008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7008"
              },
              {
                "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
              },
              {
                "name": "IMNX-2003-7+-012-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://lwn.net/Alerts/34908/"
              },
              {
                "name": "RHSA-2003:086",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
              },
              {
                "name": "DSA-260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-260"
              },
              {
                "name": "VU#611865",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/611865"
              },
              {
                "name": "MDKSA-2003:030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-29T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.idefense.com/advisory/03.04.03.txt"
            },
            {
              "name": "file-afctr-read-bo(11469)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
            },
            {
              "name": "NetBSD-SA2003-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
            },
            {
              "name": "RHSA-2003:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
            },
            {
              "name": "SuSE-SA:2003:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
            },
            {
              "name": "7008",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7008"
            },
            {
              "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
            },
            {
              "name": "IMNX-2003-7+-012-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://lwn.net/Alerts/34908/"
            },
            {
              "name": "RHSA-2003:086",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
            },
            {
              "name": "DSA-260",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-260"
            },
            {
              "name": "VU#611865",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/611865"
            },
            {
              "name": "MDKSA-2003:030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.idefense.com/advisory/03.04.03.txt",
                  "refsource": "MISC",
                  "url": "http://www.idefense.com/advisory/03.04.03.txt"
                },
                {
                  "name": "file-afctr-read-bo(11469)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
                },
                {
                  "name": "NetBSD-SA2003-003",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
                },
                {
                  "name": "RHSA-2003:087",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
                },
                {
                  "name": "SuSE-SA:2003:017",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
                },
                {
                  "name": "7008",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7008"
                },
                {
                  "name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104680706201721\u0026w=2"
                },
                {
                  "name": "IMNX-2003-7+-012-01",
                  "refsource": "IMMUNIX",
                  "url": "http://lwn.net/Alerts/34908/"
                },
                {
                  "name": "RHSA-2003:086",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
                },
                {
                  "name": "DSA-260",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-260"
                },
                {
                  "name": "VU#611865",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/611865"
                },
                {
                  "name": "MDKSA-2003:030",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0102",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }