search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Automatic File Content Type Recognition Tool contains memory allocation problem

Vulnerability Note VU#100937

Original Release Date: 2003-03-06 | Last Revised: 2003-03-07

Overview

A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file[1] package prior to 3.41.

Description

According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" (AFCTR tool) versions of the file[1] package prior to 3.41.

Impact

The complete impact of this vulnerability is not yet known. This vulnerability may be exploited by a user on the local system.

Solution

Upgrade to the version 3.41 of the file[1] package, or apply a patch specified by your vendor.

Vendor Information

100937
 
Expand all

OpenPKG Affected

Updated:  March 06, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see OpenPKG Security Advisory OpenPKG-SA-2003.017 from http://www.openpkg.org/security.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Affected

Updated:  March 07, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see https://rhn.redhat.com/errata/RHSA-2003-086.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

ftp://ftp.astron.com/pub/files

Acknowledgements

Jeff Johnson is credited with discovering this vulnerability in an OpenPKG advisory.

This document was written by Jason A Rafail.

Other Information

CVE IDs: None
Date Public: 2003-03-04
Date First Published: 2003-03-06
Date Last Updated: 2003-03-07 20:15 UTC
Document Revision: 6

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis