CVE-2012-1571 - OpenCVE

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Christos Zoulas	File
Tim Robbins	Libmagic

Configuration 1 [-]

OR	cpe:2.3:a:christos_zoulas:file::::::::
	cpe:2.3:a:tim_robbins:libmagic::::::::

References

Link	Resource
http://mx.gw.com/pipermail/file/2012/000914.html	Patch
http://www.debian.org/security/2012/dsa-2422
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035
http://www.ubuntu.com/usn/USN-2123-1
https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295	Exploit Patch
https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-17T21:00:00

Updated: 2014-03-05T14:57:01

Reserved: 2012-03-12T00:00:00

Link: CVE-2012-1571

JSON object: View

NVD Information

Status : Modified

Published: 2012-07-17T21:55:01.413

Modified: 2014-03-08T04:55:12.187

Link: CVE-2012-1571

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2422", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2422"}, {"name": "MDVSA-2012:035", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"}, {"name": "[file] 20120221 file-5.11 is now available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mx.gw.com/pipermail/file/2012/000914.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"}, {"name": "USN-2123-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2123-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1571", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2422", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2422"}, {"name": "MDVSA-2012:035", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"}, {"name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"}, {"name": "[file] 20120221 file-5.11 is now available", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2012/000914.html"}, {"name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"}, {"name": "USN-2123-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2123-1"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1571", "datePublished": "2012-07-17T21:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2014-03-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D83F9EC-3ED0-45B4-B928-0B664ED4ED46", "versionEndIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:tim_robbins:libmagic:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D83103B-2316-4943-8082-FC4CDC754256", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."}, {"lang": "es", "value": "archivo antes de v5.11 y libmagic permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo de documento elaborado compuesto (CDF) que activa (1) una lectura fuera de l\u00edmites o (2) una desreferencia de puntero no v\u00e1lido."}], "id": "CVE-2012-1571", "lastModified": "2014-03-08T04:55:12.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-17T21:55:01.413", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://mx.gw.com/pipermail/file/2012/000914.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2422"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2123-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}