CVE-2007-2799 — Integer Overflow or Wraparound in File

CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

5.1MEDIUMNVD

CNA9.3OSV9.3

EPSS

3.5%

top 12.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File File

Timeline

PublishedMay 23

Latest updateMay 3

Description

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debianfile_project/file< 4.21-1+3

▶NVDfile/file4.2

🔴Vulnerability Details

GHSA

GHSA-g967-rw3c-p2f7: Integer overflow in the "file" program 4↗2022-05-03

▶

OSV

CVE-2007-2799: Integer overflow in the "file" program 4↗2007-05-23

▶

CVEList

CVE-2007-2799: Integer overflow in the "file" program 4↗2007-05-23

▶

📋Vendor Advisories

Ubuntu

file vulnerability↗2007-06-11

▶

Red Hat

file integer overflow↗2007-05-23

▶

Debian

CVE-2007-2799: file - Integer overflow in the "file" program 4.20, when running on 32-bit systems, as ...↗2007

▶