PT-2012-1066 · Libmagic+3

Published: 2012-07-17 · Updated: 2025-12-04 · CVE-2012-1571

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

file versions prior to 5.11
libmagic versions prior to 5.11

Description

Multiple vulnerabilities in the file package can lead to a denial of service (crash) when a crafted Composite Document File (CDF) is processed. Processing such a file can trigger an out-of-bounds read or an invalid pointer dereference. These vulnerabilities can be exploited remotely.

Recommendations

For file versions prior to 5.11, update to version 5.11 or later to resolve the issue. For libmagic versions prior to 5.11, update to version 5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the file and libmagic packages until a patch is available. Avoid using the file and libmagic packages with untrusted input until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2015-06092
BDU:2015-06093
BDU:2015-06094
BDU:2015-06095
BDU:2015-06096
BDU:2015-09667
CESA-2014_1012
CESA-2014_1606
CVE-2012-1571
DSA-2422-1
OPENSUSE-SU-2024:10221-1
RHSA-2014:1012
RHSA-2014:1606
RHSA-2014_1012
RHSA-2014_1606

Affected Products

CentOS
Red Hat
File
Libmagic