4 matches found
CVE-2007-1536
The CVE-2007-1536 issue is an integer underflow in the file_printf() function of the file(1) utility (used by The Sleuth Kit). This can cause a heap-based buffer overflow when processing crafted files, potentially allowing arbitrary code execution with the invoked user’s privileges. Public adviso...
CVE-2004-1304
CVE-2004-1304 affects the file utility; a stack-based buffer overflow in the ELF header parsing code (in file before 4.12) could allow arbitrary code execution when processing a crafted ELF file. Impact: arbitrary code execution with full privileges as described in the vulnerability entry. Remedi...
CVE-2007-2799
The CVE-2007-2799 issue affects the file utility (4.20 on 32‑bit systems) used by products like The Sleuth Kit. The root cause is an integer overflow introduced by a patch for CVE-2007-1536, which could allow user‑assisted arbitrary code execution via a crafted large file. Public advisories confi...
CVE-2003-0102
CVE-2003-0102 describes a local buffer overflow in file’s tryelf() (readelf.c) that can allow arbitrary code execution as the user running file, potentially triggered by a crafted ELF header value (elfhdr.e_shentsize). Connected advisories indicate patches are available for the vulnerable file pa...