CVE-2007-1536 – File 4.13 - Command File_PrintF Integer Underflow
https://notcve.org/view.php?id=CVE-2007-1536
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. • https://www.exploit-db.com/exploits/29753 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://mx.gw.com/pipermail/file/2007/000161.html http://openbsd.org/errata40.html#015_file http://secunia.com/advisories/24548 http://secunia.com/advisories/24592 http://secunia.com/advisories/24604 http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2003-1092 – File 3.x - Utility Local Memory Allocation
https://notcve.org/view.php?id=CVE-2003-1092
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. • https://www.exploit-db.com/exploits/22326 http://www.kb.cert.org/vuls/id/100937 http://www.securityfocus.com/archive/1/313847 http://www.securityfocus.com/bid/7009 https://exchange.xforce.ibmcloud.com/vulnerabilities/11488 •
CVE-2003-0102 – File 3.x - Local Stack Overflow Code Execution
https://notcve.org/view.php?id=CVE-2003-0102
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). • https://www.exploit-db.com/exploits/22324 https://www.exploit-db.com/exploits/22325 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc http://lwn.net/Alerts/34908 http://marc.info/?l=bugtraq&m=104680706201721&w=2 http://www.debian.org/security/2003/dsa-260 http://www.idefense.com/advisory/03.04.03.txt http://www.kb.cert.org/vuls/id/611865 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 http://www.novell.com& •