CVE-2007-1536

File 4.13 - Command File_PrintF Integer Underflow

  • Severity Score: 9.8 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

An integer underflow in the file_printf function in the "file" program before version 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a buffer overflow in the heap region of memory.

Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-03-19 First Exploit
  • 2007-03-20 CVE Reserved
  • 2007-03-20 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (46)
URL Date SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc 2018-10-16
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html 2018-10-16
http://openbsd.org/errata40.html#015_file 2018-10-16
http://secunia.com/advisories/24592 2018-10-16
http://secunia.com/advisories/24604 2018-10-16
http://secunia.com/advisories/24608 2018-10-16
http://secunia.com/advisories/24616 2018-10-16
http://secunia.com/advisories/24617 2018-10-16
http://secunia.com/advisories/24723 2018-10-16
http://secunia.com/advisories/24754 2018-10-16
http://secunia.com/advisories/25133 2018-10-16
http://secunia.com/advisories/25393 2018-10-16
http://secunia.com/advisories/25402 2018-10-16
http://secunia.com/advisories/25931 2018-10-16
http://secunia.com/advisories/25989 2018-10-16
http://secunia.com/advisories/27307 2018-10-16
http://secunia.com/advisories/27314 2018-10-16
http://secunia.com/advisories/29179 2018-10-16
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc 2018-10-16
http://security.gentoo.org/glsa/glsa-200703-26.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200710-19.xml 2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926 2018-10-16
http://www.debian.org/security/2007/dsa-1274 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067 2018-10-16
http://www.novell.com/linux/security/advisories/2007_40_file.html 2018-10-16
http://www.novell.com/linux/security/advisories/2007_5_sr.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0124.html 2018-10-16
http://www.ubuntu.com/usn/usn-439-1 2018-10-16
http://www.vupen.com/english/advisories/2007/1040 2018-10-16
http://www.vupen.com/english/advisories/2007/1939 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-1536 2007-03-23
https://bugzilla.redhat.com/show_bug.cgi?id=233164 2007-03-23
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
File | File | <= 4.19 | - | Affected