Gnu Findutils vulnerabilities

CVE-2007-2452 [MEDIUM] CVE-2007-2452: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU find Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

CVE-2001-1036 [HIGH] CVE-2001-1036: GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an ol GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.