CVE-2017-1000249
NONE EPSS 32.3%
Published Sep 11, 20178y ago · Modified Jun 17, 20262w ago
Published Sep 11, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
Threat Intelligence
EPSS Exploit Probability
32.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| file_project | file | 5.29 | any |
References 4
- debian.org http://www.debian.org/security/2017/dsa-3965
- github.com https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
- github.com https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d
- security.gentoo.org https://security.gentoo.org/glsa/201710-02
Remediation
- github.com https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
- github.com https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d