Page 4 of 17 results (0.006 seconds)

CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 1

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Un subdesbordamiento de enteros en la función file_printf en el programa "file" anterior a versión 4.20, permite a los atacantes asistidos por el usuario ejecutar código arbitrario por medio de un archivo que desencadena un desbordamiento de búfer en la región heap de la memoria. • https://www.exploit-db.com/exploits/29753 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://mx.gw.com/pipermail/file/2007/000161.html http://openbsd.org/errata40.html#015_file http://secunia.com/advisories/24548 http://secunia.com/advisories/24592 http://secunia.com/advisories/24604 http://secunia.com/advisories • CWE-189: Numeric Errors •

CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 3

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). • https://www.exploit-db.com/exploits/22324 https://www.exploit-db.com/exploits/22325 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc http://lwn.net/Alerts/34908 http://marc.info/?l=bugtraq&m=104680706201721&w=2 http://www.debian.org/security/2003/dsa-260 http://www.idefense.com/advisory/03.04.03.txt http://www.kb.cert.org/vuls/id/611865 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 http://www.novell.com& •