Vulnerability details: VCID-uhtv-ftts-aaac
Vulnerability ID VCID-uhtv-ftts-aaac
Aliases CVE-2007-1536
Summary Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0124
epss 0.04864 https://api.first.org/data/v1/epss?cve=CVE-2007-1536
epss 0.12950 https://api.first.org/data/v1/epss?cve=CVE-2007-1536
epss 0.39647 https://api.first.org/data/v1/epss?cve=CVE-2007-1536
epss 0.45027 https://api.first.org/data/v1/epss?cve=CVE-2007-1536
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=233164
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-1536
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
http://docs.info.apple.com/article.html?artnum=305530
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://mx.gw.com/pipermail/file/2007/000161.html
http://openbsd.org/errata40.html#015_file
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1536.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1536
https://bugs.gentoo.org/show_bug.cgi?id=171452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
http://secunia.com/advisories/24548
http://secunia.com/advisories/24592
http://secunia.com/advisories/24604
http://secunia.com/advisories/24608
http://secunia.com/advisories/24616
http://secunia.com/advisories/24617
http://secunia.com/advisories/24723
http://secunia.com/advisories/24754
http://secunia.com/advisories/25133
http://secunia.com/advisories/25393
http://secunia.com/advisories/25402
http://secunia.com/advisories/25931
http://secunia.com/advisories/25989
http://secunia.com/advisories/27307
http://secunia.com/advisories/27314
http://secunia.com/advisories/29179
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
http://security.gentoo.org/glsa/glsa-200703-26.xml
http://security.gentoo.org/glsa/glsa-200710-19.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/36283
https://issues.rpath.com/browse/RPL-1148
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658
http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm
http://www.debian.org/security/2007/dsa-1274
http://www.kb.cert.org/vuls/id/606700
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
http://www.novell.com/linux/security/advisories/2007_40_file.html
http://www.novell.com/linux/security/advisories/2007_5_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0124.html
http://www.securityfocus.com/archive/1/477861/100/0/threaded
http://www.securityfocus.com/archive/1/477950/100/0/threaded
http://www.securityfocus.com/bid/23021
http://www.securitytracker.com/id?1017796
http://www.ubuntu.com/usn/usn-439-1
http://www.vupen.com/english/advisories/2007/1040
http://www.vupen.com/english/advisories/2007/1939
233164 https://bugzilla.redhat.com/show_bug.cgi?id=233164
415362 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415362
cpe:2.3:a:file:file:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:*:*:*:*:*:*:*:*
CVE-2007-1536 https://nvd.nist.gov/vuln/detail/CVE-2007-1536
CVE-2007-1536;OSVDB-34285 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29753.c
CVE-2007-1536;OSVDB-34285 Exploit https://www.securityfocus.com/bid/23021/info
GLSA-200703-26 https://security.gentoo.org/glsa/200703-26
GLSA-200710-19 https://security.gentoo.org/glsa/200710-19
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
RHSA-2007:0124 https://access.redhat.com/errata/RHSA-2007:0124
USN-439-1 https://usn.ubuntu.com/439-1/
Data source Exploit-DB
Date added March 19, 2007
Description File(1) 4.13 - Command File_PrintF Integer Underflow
Ransomware campaign use Known
Source publication date March 19, 2007
Exploit type remote
Platform linux
Source update date Nov. 21, 2013
Source URL https://www.securityfocus.com/bid/23021/info
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1536
Possible values for each CVSS v2 metric:
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.92964
EPSS Score 0.04864
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.