CVE-2012-1571

MEDIUM
Description

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

References

http://mx.gw.com/pipermail/file/2012/000914.html

http://www.debian.org/security/2012/dsa-2422

http://www.mandriva.com/security/advisories?name=MDVSA-2012:035

http://www.ubuntu.com/usn/USN-2123-1

https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295

https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b

Details

Source: MITRE

Published: 2012-07-17

Updated: 2014-03-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:* versions up to 5.10 (inclusive)

cpe:2.3:a:tim_robbins:libmagic:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 92905 | FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
| 91155 | OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050) | Nessus | OracleVM Local Security Checks | high |
| 88064 | F5 Networks BIG-IP : file vulnerability (SOL16875) | Nessus | F5 Networks Local Security Checks | medium |
| 79185 | CentOS 6 : file (CESA-2014:1606) | Nessus | CentOS Local Security Checks | medium |
| 78843 | Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014) | Nessus | Scientific Linux Local Security Checks | medium |
| 78527 | Oracle Linux 6 : file (ELSA-2014-1606) | Nessus | Oracle Linux Local Security Checks | medium |
| 78419 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930) | Nessus | Scientific Linux Local Security Checks | medium |
| 78414 | RHEL 6 : file (RHSA-2014:1606) | Nessus | Red Hat Local Security Checks | medium |
| 78358 | Amazon Linux AMI : php55 (ALAS-2014-415) | Nessus | Amazon Linux Local Security Checks | medium |
| 77482 | Fedora 20 : php-5.5.16-1.fc20 (2014-9684) | Nessus | Fedora Local Security Checks | medium |
| 77481 | Fedora 19 : php-5.5.16-1.fc19 (2014-9679) | Nessus | Fedora Local Security Checks | medium |
| 77363 | Fedora 20 : file-5.19-4.fc20 (2014-9712) | Nessus | Fedora Local Security Checks | medium |
| 77047 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806) | Nessus | Scientific Linux Local Security Checks | high |
| 77043 | Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012) | Nessus | Oracle Linux Local Security Checks | high |
| 77032 | CentOS 5 / 6 : php / php53 (CESA-2014:1012) | Nessus | CentOS Local Security Checks | high |
| 77015 | RHEL 5 / 6 : php53 and php (RHSA-2014:1012) | Nessus | Red Hat Local Security Checks | high |
| 76377 | Fedora 20 : file-5.19-1.fc20 (2014-7992) | Nessus | Fedora Local Security Checks | medium |
| 74598 | openSUSE Security Update : file (openSUSE-SU-2012:0488-1) | Nessus | SuSE Local Security Checks | medium |
| 72720 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : file vulnerabilities (USN-2123-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62343 | GLSA-201209-14 : file: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 58474 | Mandriva Linux Security Advisory : file (MDVSA-2012:035) | Nessus | Mandriva Local Security Checks | medium |
| 58173 | Debian DSA-2422-2 : file - missing bounds checks | Nessus | Debian Local Security Checks | medium |