CVE-2017-1000249

NONE EPSS 32.3%
Published Sep 11, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

Threat Intelligence

EPSS Exploit Probability
32.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

Affected Products 1

Vendor | Product | Version | Range
file_project | file | 5.29 | any

References 4

  • debian.org http://www.debian.org/security/2017/dsa-3965
  • github.com https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
    Patch, Third Party Advisory
  • github.com https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d
    Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201710-02

Remediation

  • github.com https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
    Patch, Third Party Advisory
  • github.com https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d
    Patch, Third Party Advisory