{"id":"CVE-2017-1000249","details":"An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).","modified":"2026-02-11T13:52:37.887999Z","published":"2017-09-11T19:29:00.200Z","related":["openSUSE-SU-2024:10755-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3965"},{"type":"ADVISORY","url":"https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793"},{"type":"ADVISORY","url":"https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-02"},{"type":"FIX","url":"https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793"},{"type":"FIX","url":"https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/file/file","events":[{"introduced":"0"},{"fixed":"35c94dc6acc418f1ad7f6241a6680e5327495793"},{"introduced":"0"},{"fixed":"9611f31313a93aa036389c5f3b15eea53510d4d"}]}],"versions":["FILE3_27","FILE3_28","FILE3_30","FILE3_31","FILE3_32","FILE3_33","FILE3_34","FILE3_35","FILE3_36","FILE3_37","FILE3_38","FILE3_39","FILE3_40","FILE3_41","FILE4_00","FILE4_01","FILE4_02","FILE4_03","FILE4_04","FILE4_05","FILE4_06","FILE4_07","FILE4_08","FILE4_09","FILE4_10","FILE4_11","FILE4_12","FILE4_13","FILE4_14","FILE4_15","FILE4_16","FILE4_17","FILE4_18","FILE4_19","FILE4_20","FILE4_21","FILE4_22","FILE4_23","FILE4_24","FILE4_25","FILE4_26","FILE5_00","FILE5_01","FILE5_02","FILE5_03","FILE5_04","FILE5_07","FILE5_08","FILE5_09","FILE5_10","FILE5_11","FILE5_12","FILE5_13","FILE5_14","FILE5_15","FILE5_16","FILE5_17","FILE5_18","FILE5_19","FILE5_20","FILE5_21","FILE5_22","FILE5_23","FILE5_24","FILE5_25","FILE5_26","FILE5_27","FILE5_28","FILE5_29","FILE5_30","FILE5_31","pre-rrt-big-changes-post-4-23"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/readelf.c"},"source":"https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793","signature_type":"Line","id":"CVE-2017-1000249-fd5cd05d","digest":{"threshold":0.9,"line_hashes":["191730419508807807995728450003017890109","255685428453647614123441016389726967408","165778089394274387787587373511134378635","332407869254594291647053825146415379105","330899916478574045905968768894139584839","158136468176192798324936030520550183940","193169790860533737710285639127229560049"]},"deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000249.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}