Vulnerability Description
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Christos Zoulas | File | <= 5.10 |
| Tim Robbins | Libmagic | All versions |
Related Weaknesses (CWE)
References
- http://mx.gw.com/pipermail/file/2012/000914.html (Patch)
- http://www.debian.org/security/2012/dsa-2422
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:035
- http://www.ubuntu.com/usn/USN-2123-1
- https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 (Exploit, Patch)
- https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b (Exploit, Patch)
FAQ
What is CVE-2012-1571?
CVE-2012-1571 is a vulnerability with a CVSS score of 6.5 (MEDIUM). file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid poi...
How severe is CVE-2012-1571?
CVE-2012-1571 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1571?
Check the references section above for vendor advisories and patch information. Affected products include: Christos Zoulas File, Tim Robbins Libmagic.