Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1304

8 documents7 sources
Severity
10.0CRITICAL
EPSS
5.7%
top 9.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
File FileTrustix Secure Linux
Timeline
PublishedJan 10
Latest updateApr 29

Description

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

Debianfile< 4.12+3
NVDfile/file12 versions+11
NVDtrustix/secure_linux2.0, 2.1, 2.2+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-w22m-7gfq-73mf: Stack-based buffer overflow in the ELF header parsing code in file before 42022-04-29
OSV
CVE-2004-1304: Stack-based buffer overflow in the ELF header parsing code in file before 42005-01-10
CVEList
CVE-2004-1304: Stack-based buffer overflow in the ELF header parsing code in file before 42004-12-22

💥Exploits & PoCs

1
Exploit-DB
File ELF 4.x - Header Buffer Overflow2004-11-29

📋Vendor Advisories

1
Debian
CVE-2004-1304: file - Stack-based buffer overflow in the ELF header parsing code in file before 4.12 a...2004

💬Community

2
Bugzilla
CAN-2004-1304 File ELF Header Unspecified Buffer Overflow2005-04-25
Bugzilla
CAN-2004-1304, File ELF Header Unspecified Buffer Overflow2004-12-07
CVE-2004-1304 (CRITICAL CVSS 10) | Stack-based buffer overflow in the | cvebase.io