CVE-2009-1515

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
christos_zoulasfile
5.00
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bullseye (security)
1:5.39-3+deb11u1
fixed
bullseye
1:5.39-3+deb11u1
fixed
lenny
not-affected
etch
not-affected
bookworm
1:5.44-3
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
ftp://ftp.astron.com/pub/file/file-5.01.tar.gz
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820
http://mx.gw.com/pipermail/file/2009/000379.html
http://secunia.com/advisories/34881
http://www.mandriva.com/security/advisories?name=MDVSA-2009:129
http://www.osvdb.org/54100
http://www.securityfocus.com/bid/34745
ftp://ftp.astron.com/pub/file/file-5.01.tar.gz
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820
http://mx.gw.com/pipermail/file/2009/000379.html
http://secunia.com/advisories/34881
http://www.mandriva.com/security/advisories?name=MDVSA-2009:129
http://www.osvdb.org/54100
http://www.securityfocus.com/bid/34745