A stack-based buffer overflow was found in file, possibly resulting in the execution of arbitrary code.
|Package|sys-apps/file on all architectures|
|Affected versions|< 5.32|
|Unaffected versions|>= 5.32|
file is a utility that guesses a file format by scanning binary data for patterns.
An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section.
A remote attacker, by using a specially crafted .notes section in an ELF binary, could execute arbitrary code or cause a Denial of Service condition.
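The following is an added illustration, not code from file or from this advisory: a bounds-checked way to copy an ELF note descriptor into a fixed-size buffer, which is the kind of check that matters when a length field read from a crafted note controls a write to the stack. The function names, the `ID_MAX` size and the sample note are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ELF note header: three 32-bit words; name and desc follow, each padded to 4. */
typedef struct { uint32_t namesz, descsz, type; } note_hdr;

#define ALIGN4(x) (((size_t)(x) + 3u) & ~(size_t)3u)
#define ID_MAX 20   /* assumed size of the fixed destination buffer */

/* Copy the descriptor of the note at buf[off] into out[ID_MAX].
 * Returns the descriptor length, or -1 if the note is malformed or too large. */
int copy_note_desc(const uint8_t *buf, size_t len, size_t off, uint8_t out[ID_MAX])
{
    note_hdr h;
    if (off > len || len - off < sizeof h) return -1;   /* header must fit */
    memcpy(&h, buf + off, sizeof h);                    /* no unaligned reads */
    size_t pos = off + sizeof h;
    size_t name_pad = ALIGN4(h.namesz);
    if (name_pad < h.namesz || name_pad > len - pos) return -1;
    pos += name_pad;
    /* The claimed length must fit the destination and the remaining input. */
    if (h.descsz == 0 || h.descsz > ID_MAX) return -1;
    if (h.descsz > len - pos) return -1;
    memcpy(out, buf + pos, h.descsz);
    return (int)h.descsz;
}

/* Constructed sample: a note named "GNU" whose header claims descsz bytes. */
size_t make_note(uint8_t *dst, uint32_t descsz)
{
    note_hdr h = { 4, descsz, 3 };   /* type 3 = NT_GNU_BUILD_ID */
    memcpy(dst, &h, sizeof h);
    memcpy(dst + sizeof h, "GNU", 4);
    memset(dst + sizeof h + 4, 0xAB, descsz);
    return sizeof h + 4 + ALIGN4(descsz);
}

int main(void)
{
    uint8_t buf[128] = {0}, out[ID_MAX];
    size_t n = make_note(buf, 20);
    printf("descsz=20 -> %d\n", copy_note_desc(buf, n, 0, out));
    n = make_note(buf, 40);   /* claims more than the destination holds */
    printf("descsz=40 -> %d\n", copy_note_desc(buf, n, 0, out));
    return 0;
}
```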
There is no known workaround at this time.
All file users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/file-5.32"
October 08, 2017
October 08, 2017: 1