Integer underflow in the "file" program before 4.20 - Thomas Vogt - org.freebsd.freebsd-security

4 messages in org.freebsd.freebsd-securityInteger underflow in the "file" progr...

From	Sent On	Attachments
Thomas Vogt	Mar 29, 2007 4:16 pm
Simon L. Nielsen	Mar 31, 2007 5:40 am
Gabor Kovesdan	Mar 31, 2007 11:28 am
Oliver Fromme	Apr 19, 2007 2:37 pm

Subject:	Integer underflow in the "file" program before 4.20
From:	Thomas Vogt (tho...@bsdunix.ch)
Date:	Mar 29, 2007 4:16:34 pm
List:	org.freebsd.freebsd-security

Hello

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 "Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."

Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The port has 4.20.

Regards, Thomas

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets