PT-2007-7526 · Suse+2 · Suse Linux Enterprise+3

Published

1970-01-01

·

Updated

2024-06-15

·

CVE-2007-1536

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions file versions prior to 4.20 file-x86 versions prior to 4.20 file-64bit versions prior to 4.20 file-32bit versions prior to 4.20 file-devel versions prior to 4.20
Description The issue concerns multiple vulnerabilities in the file package of various Linux operating systems, including openSUSE and SUSE Linux Enterprise. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. The exploitation can result in the execution of arbitrary code via a file that triggers a heap-based buffer overflow, specifically due to an integer underflow in the file printf function.
Recommendations For file versions prior to 4.20, update to version 4.20 or later. For file-x86 versions prior to 4.20, update to version 4.20 or later. For file-64bit versions prior to 4.20, update to version 4.20 or later. For file-32bit versions prior to 4.20, update to version 4.20 or later. For file-devel versions prior to 4.20, update to version 4.20 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

BDU:2015-04611
BDU:2015-04612
BDU:2015-04613
BDU:2015-04614
BDU:2015-04615
BDU:2015-04962
BDU:2015-04963
BDU:2015-04964
BDU:2015-04965
BDU:2015-04966
BDU:2015-09561
CVE-2007-1536
DSA-1274-1
OPENSUSE-SU-2024:10755-1
RHSA-2007:0124
RHSA-2007_0124

Affected Products

Red Hat
Suse Linux Enterprise
File
Opensuse