CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
92.8%
Problem Description:
When writing data into a buffer in the file_printf function,
the length of the unused portion of the buffer is not
correctly tracked, resulting in a buffer overflow when
processing certain files.
Impact:
An attacker who can cause file(1) to be run on a maliciously
constructed input can cause file(1) to crash. It may be
possible for such an attacker to execute arbitrary code with
the privileges of the user running file(1).
The above also applies to any other applications using the
libmagic(3) library.
Workaround:
No workaround is available, but systems where file(1) and
other libmagic(3)-using applications are never run on
untrusted input are not vulnerable.