The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems.
The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow.
A specially crafted filesystem image can be used to trigger the vulnerability.
e2fsprogs < 1.42.12
e2fsprogs >= 1.42.12
Credit: vulnerability report from Jose Duart of Google Security Team <jduart AT google.com>.
2015-01-19: vulnerability report received 2015-01-29: contacted affected vendors, assigned CVEs 2015-02-05: advisory release
-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <firstname.lastname@example.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"