CVE-2007-1536

file < 4.19 - Remote Code Execution via Integer Underflow in file_printf

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1536. PoCs published by Jean-Sebastien Guay-Leroux.

AI-analyzed exploit summary This exploit leverages an integer underflow vulnerability in the file(1) command (versions 4.16 to 4.19) to corrupt heap memory and execute arbitrary code. It requires manual calculation of memory addresses via core dump analysis to achieve reliable exploitation.

Description

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jean-Sebastien Guay-Leroux · cremotelinux
https://www.exploit-db.com/exploits/29753

This exploit leverages an integer underflow vulnerability in the file(1) command (versions 4.16 to 4.19) to corrupt heap memory and execute arbitrary code. It requires manual calculation of memory addresses via core dump analysis to achieve reliable exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: file(1) versions 4.16 to 4.19
No auth needed
Prerequisites: Access to the target system to run the file command · Ability to generate and analyze a core dump · Knowledge of memory addresses for the target environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (43)

Core 43
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1939
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36283
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1040
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-439-1
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1148
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27314
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305530
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25393
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29179
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23021
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24616
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017796
Various Sources vendor-advisory x_refsource_openbsd
http://openbsd.org/errata40.html#015_file
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27307
Patch mailing-list x_refsource_mlist
http://mx.gw.com/pipermail/file/2007/000161.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477950/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_5_sr.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24723
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24754
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25402
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0124.html
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=171452
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25989
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24604
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_40_file.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25931
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1274
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24617
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25133
Various Sources vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/606700
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24608
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477861/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-26.xml
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200710-19.xml
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24548
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24592

Scores

EPSS 0.1223
EPSS Percentile 95.6%

Details

CWE
CWE-189
Status published
Products (1)
file/file < 4.19
Published Mar 20, 2007
Tracked Since Feb 18, 2026