CVE-2007-2799

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2007-2799 DSA-1343-1 DSA-1343-2 OPENSUSE-SU-2024:10755-1 RHSA-2007:0391

Modified

Published: 23 May 2007, 21:00

Last modified:07 Aug 2024, 13:49

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

5.1 MEDIUM

v2.0 (nvd)

EPSS Score

3.49% LOW

3% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 May 2007, 21:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:49

Last Modified

Vulnerability information updated

Description

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

CVSS Metrics

v2.0•MEDIUM•Score: 5.1AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 3.49%• Percentile: 88%

Techniques & Countermeasures

CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

file•file
4.2