Vulnerabilities for 'FILE'

2007-05-23
 
CVE-2007-2799

CWE-189
 

 
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

 
2007-03-20
 
CVE-2007-1536

CWE-189
 

 
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

 
2005-01-10
 
CVE-2004-1304

 

 
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

 
2003-03-18
 
CVE-2003-0102

CWE-Other
 

 
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

 


Copyright 2024, cxsecurity.com

 
