CVE-2007-2799

Publication date 23 May 2007

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
file	7.04 feisty	Fixed 4.19-1ubuntu2.1
	6.10 edgy	Fixed 4.17-2ubuntu1.2
	6.06 LTS dapper	Fixed 4.16-0ubuntu3.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-439-2
file vulnerability
11 June 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-2799