6.5

CVE-2012-1571

Exploit
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christos ZoulasFile Version <= 5.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.12% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://mx.gw.com/pipermail/file/2012/000914.html
Patch
http://www.debian.org/security/2012/dsa-2422
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035
http://www.ubuntu.com/usn/USN-2123-1
https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295
Patch
Exploit
https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b
Patch
Exploit