There is an integer overflow in strings.c, which can lead to heap overflow leading to RCE on the strings binary.
An attacker needs to have access to the `-n` parameter, to trigger this vulnerability.
PoC: `strings -n 4294967295 /usr/bin/strings`
the bug occurs here, in line 270:
And also here:
A CVE has been already assigned, its CVE-2024-27667.