File : Security Vulnerabilities, CVEs, Published In 2007
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
Max CVSS
5.1
EPSS Score
2.27%
Published
2007-05-23
Updated
2018-10-16
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
4.86%
Published
2007-03-20
Updated
2018-10-16
2 vulnerabilities found