Lucene search

MitreCVE-2007-1536

HistoryMar 20, 2007 - 8:19 p.m.

CVE-2007-1536

2007-03-2020:19:00

CWE-189

mitre

web.nvd.nist.gov

cve-2007-1536

integer underflow

file program

arbitrary code execution

heap-based buffer overflow

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.8

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Integer underflow in the file_printf function in the “file” program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

filefileRange≤4.19

VendorProductVersionCPE
filefile*cpe:2.3:a:file:file:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
file	file	*	cpe:2.3:a:file:file::::::::

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc

docs.info.apple.com/article.html?artnum=305530

lists.apple.com/archives/security-announce/2007/May/msg00004.html

mx.gw.com/pipermail/file/2007/000161.html

openbsd.org/errata40.html#015_file

secunia.com/advisories/24548

secunia.com/advisories/24592

secunia.com/advisories/24604

secunia.com/advisories/24608

secunia.com/advisories/24616

secunia.com/advisories/24617

secunia.com/advisories/24723

secunia.com/advisories/24754

secunia.com/advisories/25133

secunia.com/advisories/25393

secunia.com/advisories/25402

secunia.com/advisories/25931

secunia.com/advisories/25989

secunia.com/advisories/27307

secunia.com/advisories/27314

secunia.com/advisories/29179

security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc

security.gentoo.org/glsa/glsa-200703-26.xml

security.gentoo.org/glsa/glsa-200710-19.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926

support.avaya.com/elmodocs2/security/ASA-2007-179.htm

www.debian.org/security/2007/dsa-1274

www.kb.cert.org/vuls/id/606700

www.mandriva.com/security/advisories?name=MDKSA-2007:067

www.novell.com/linux/security/advisories/2007_40_file.html

www.novell.com/linux/security/advisories/2007_5_sr.html

www.redhat.com/support/errata/RHSA-2007-0124.html

www.securityfocus.com/archive/1/477861/100/0/threaded

www.securityfocus.com/archive/1/477950/100/0/threaded

www.securityfocus.com/bid/23021

www.securitytracker.com/id?1017796

www.ubuntu.com/usn/usn-439-1

www.vupen.com/english/advisories/2007/1040

www.vupen.com/english/advisories/2007/1939

bugs.gentoo.org/show_bug.cgi?id=171452

exchange.xforce.ibmcloud.com/vulnerabilities/36283

issues.rpath.com/browse/RPL-1148

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.8

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

CVE-2007-1536

Affected configurations

References

Related