CVE-2012-1571

MEDIUM

Description

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

References

http://mx.gw.com/pipermail/file/2012/000914.html

http://www.debian.org/security/2012/dsa-2422

http://www.mandriva.com/security/advisories?name=MDVSA-2012:035

http://www.ubuntu.com/usn/USN-2123-1

https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295

https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b

Details

Source: MITRE

Published: 2012-07-17

Updated: 2014-03-08

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* versions up to 5.10 (inclusive)

cpe:2.3:a:tim_robbins:libmagic:*:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 92905 | FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
| 91155 | OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050) | Nessus | OracleVM Local Security Checks | high |
| 88064 | F5 Networks BIG-IP : file vulnerability (SOL16875) | Nessus | F5 Networks Local Security Checks | medium |
| 79185 | CentOS 6 : file (CESA-2014:1606) | Nessus | CentOS Local Security Checks | medium |
| 78843 | Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014) | Nessus | Scientific Linux Local Security Checks | medium |
| 78527 | Oracle Linux 6 : file (ELSA-2014-1606) | Nessus | Oracle Linux Local Security Checks | medium |
| 78419 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930) | Nessus | Scientific Linux Local Security Checks | medium |
| 78414 | RHEL 6 : file (RHSA-2014:1606) | Nessus | Red Hat Local Security Checks | medium |
| 78358 | Amazon Linux AMI : php55 (ALAS-2014-415) | Nessus | Amazon Linux Local Security Checks | medium |
| 77482 | Fedora 20 : php-5.5.16-1.fc20 (2014-9684) | Nessus | Fedora Local Security Checks | medium |
| 77481 | Fedora 19 : php-5.5.16-1.fc19 (2014-9679) | Nessus | Fedora Local Security Checks | medium |
| 77363 | Fedora 20 : file-5.19-4.fc20 (2014-9712) | Nessus | Fedora Local Security Checks | medium |
| 77047 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806) | Nessus | Scientific Linux Local Security Checks | high |
| 77043 | Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012) | Nessus | Oracle Linux Local Security Checks | high |
| 77032 | CentOS 5 / 6 : php / php53 (CESA-2014:1012) | Nessus | CentOS Local Security Checks | high |
| 77015 | RHEL 5 / 6 : php53 and php (RHSA-2014:1012) | Nessus | Red Hat Local Security Checks | high |
| 76377 | Fedora 20 : file-5.19-1.fc20 (2014-7992) | Nessus | Fedora Local Security Checks | medium |
| 74598 | openSUSE Security Update : file (openSUSE-SU-2012:0488-1) | Nessus | SuSE Local Security Checks | medium |
| 72720 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : file vulnerabilities (USN-2123-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62343 | GLSA-201209-14 : file: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 58474 | Mandriva Linux Security Advisory : file (MDVSA-2012:035) | Nessus | Mandriva Local Security Checks | medium |
| 58173 | Debian DSA-2422-2 : file - missing bounds checks | Nessus | Debian Local Security Checks | medium |