Published: 11/09/2017 Updated: 08/11/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

Vulnerable Product	Search on Vulmon	Subscribe to Product
file project file 5.29

The file utility could be made to crash if it opened a specially crafted file ...

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted notes section is processed For the stable distribution (stretch), this problem has been fixed in version 1:530-1+deb9u1 For the unstable distribution (sid), this p ...

An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted notes section in an ELF binary ...

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted notes section in an ELF binary This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017) ...

CWE-119 https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793 https://security.gentoo.org/glsa/201710-02 http://www.debian.org/security/2017/dsa-3965 https://usn.ubuntu.com/3412-1/https://nvd.nist.gov

CVE-2017-1000249

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect