CVE-2007-2026 — Classic Buffer Overflow in File

CWE-120 — Classic Buffer Overflow10 documents9 sources

Severity

7.8HIGHNVD

EPSS

3.0%

top 13.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File Gentoo File

Timeline

PublishedApr 13

Latest updateFeb 12

Description

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianfile_project/file< 4.20-6+3

▶NVDgentoo/file4.20

🔴Vulnerability Details

GHSA

GHSA-q6xr-rq9m-h889: The gnu regular expression code in file 4↗2022-05-01

▶

OSV

CVE-2007-2026: The gnu regular expression code in file 4↗2007-04-13

▶

CVEList

CVE-2007-2026: The gnu regular expression code in file 4↗2007-04-13

▶

📋Vendor Advisories

Red Hat

postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory↗2026-02-12

▶

Debian

CVE-2007-2026: file - The gnu regular expression code in file 4.20 allows context-dependent attackers ...↗2007

▶

Red Hat

CVE-2007-2026: The gnu regular expression code in file 4↗

▶

🕵️Threat Intelligence

Trendmicro

Do Online Mainframes Compomise Business Processes?↗2017-07-13

▶