Lucene search

[email protected]CVE-2012-1571

HistoryJul 17, 2012 - 9:55 p.m.

CVE-2012-1571

2012-07-1721:55:00

CWE-119

[email protected]

web.nvd.nist.gov

131

cve-2012-1571

file before 5.11

libmagic

denial of service

crash

composite document file

cdf

nvd

security vulnerability

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

83.1%

JSON

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

CPENameOperatorVersion
christos_zoulas:filechristos zoulas filele5.10
tim_robbins:libmagictim robbins libmagiceq*

CPE	Name	Operator	Version
christos_zoulas:file	christos zoulas file	le	5.10
tim_robbins:libmagic	tim robbins libmagic	eq	*

References

mx.gw.com/pipermail/file/2012/000914.html

www.debian.org/security/2012/dsa-2422

www.mandriva.com/security/advisories?name=MDVSA-2012:035

www.ubuntu.com/usn/USN-2123-1

github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295

github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b

Social References

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2012-1571

openvas34 prion2 debiancve2 nessus31 veracode1 f52 debian1 gentoo1 ubuntucve2 securityvulns1 cve1 ubuntu1 amazon2 freebsd1 freebsd_advisory1 fedora4 mageia1 redhat4 centos4 oraclelinux6 rosalinux1