There is an integer overflow in strings.c that can lead to a heap overflow, leading to RCE in the strings binary. An attacker needs to have access to the `-n` parameter to trigger this vulnerability.

PoC: `strings -n 4294967295 /usr/bin/strings`

The bug occurs here, in line 270: [image: image.png]

And also here: [image: image.png]

A CVE has already been assigned: it's CVE-2024-27667.
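
The code at line 270 survives only as a screenshot, so the following is an added example, not code from strings.c or from the report. It assumes the common pattern for this bug class, a 32-bit length used in an `n + 1` buffer size, and shows that size wrapping for the PoC value next to a parser that rejects it; `MAX_MIN_LEN`, `parse_min_len` and `alloc_min_buf` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound for -n, chosen for this example only. */
#define MAX_MIN_LEN (1u << 20)

/* Assumed unsafe pattern: a 32-bit "n + 1" size wraps to 0 at UINT32_MAX. */
static uint32_t unchecked_buf_size(uint32_t n)
{
    return n + 1u;
}

/* Parse the -n argument. Returns 0 on success, -1 if it is rejected. */
static int parse_min_len(const char *arg, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (arg == NULL || *arg < '0' || *arg > '9')
        return -1;                  /* no sign, whitespace or empty input */
    errno = 0;
    v = strtoull(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                  /* out of range or trailing characters */
    if (v == 0 || v > MAX_MIN_LEN)
        return -1;                  /* bound the value before any arithmetic */
    *out = (uint32_t)v;
    return 0;
}

/* Allocate n + 1 bytes, doing the addition in size_t with a wrap check. */
static char *alloc_min_buf(uint32_t n, size_t *size_out)
{
    if ((size_t)n > SIZE_MAX - 1)
        return NULL;
    *size_out = (size_t)n + 1;
    return calloc(1, *size_out);
}

int main(void)
{
    uint32_t n = 0;
    printf("unchecked size for 4294967295: %u\n",
           (unsigned)unchecked_buf_size(4294967295u));
    printf("parse(\"4294967295\") = %d\n", parse_min_len("4294967295", &n));
    printf("parse(\"4\") = %d\n", parse_min_len("4", &n));
    return 0;
}
```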