CVE-2007-2318

NameCVE-2007-2318
DescriptionMultiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs421776

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
filezilla (PTS)buster3.39.0-2+deb10u1fixed
bullseye3.52.2-3+deb11u1fixed
bookworm3.63.0-1+deb12u3fixed
trixie3.66.5-2fixed
sid3.67.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
filezillasource(unstable)3.0.0~beta2-3421776

Notes

http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
Search for package or bug name: Reporting problems