Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-1536 — Integer Overflow or Wraparound in File
Severity
9.3CRITICALNVD
EPSS
41.9%
top 2.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 20
Latest updateMay 3
Description
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-h28w-vfj4-vh5j: Integer underflow in the file_printf function in the "file" program before 4↗2022-05-03
OSV▶
CVE-2007-1536: Integer underflow in the file_printf function in the "file" program before 4↗2007-03-20
CVEList▶
CVE-2007-1536: Integer underflow in the file_printf function in the "file" program before 4↗2007-03-20
💥Exploits & PoCs
1📋Vendor Advisories
5Debian▶
CVE-2007-1536: file - Integer underflow in the file_printf function in the "file" program before 4.20 ...↗2007
💬Community
3Bugzilla▶
CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution↗2007-03-21
Bugzilla▶
CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution↗2007-03-20
Bugzilla▶
CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution↗2007-03-20