Lucene search

[email protected]CVE-2012-1571

HistoryJul 17, 2012 - 9:55 p.m.

CVE-2012-1571

2012-07-1721:55:01

CWE-119

[email protected]

web.nvd.nist.gov

132

cve-2012-1571

file before 5.11

libmagic

denial of service

crash

composite document file

cdf

nvd

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

Affected configurations

NVD

Node

christos_zoulasfileRange≤5.10

tim_robbinslibmagic

CPENameOperatorVersion
christos_zoulas:filechristos zoulas filele5.10
tim_robbins:libmagictim robbins libmagiceq*

CPE	Name	Operator	Version
christos_zoulas:file	christos zoulas file	le	5.10
tim_robbins:libmagic	tim robbins libmagic	eq	*

References

mx.gw.com/pipermail/file/2012/000914.html

www.debian.org/security/2012/dsa-2422

www.mandriva.com/security/advisories?name=MDVSA-2012:035

www.ubuntu.com/usn/USN-2123-1

github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295

github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2012-1571

nessus31 debian1 veracode1 f52 gentoo1 openvas34 prion2 debiancve2 cvelist2 ubuntucve2 nvd2 amazon2 ubuntu1 cve1 securityvulns1 freebsd_advisory1 freebsd1 fedora4 mageia1 centos4 redhat4 oraclelinux6 rosalinux1