CVE-2012-1571

CVSS 6.5 MEDIUMEPSS 4.1%CWE-125

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 4.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

17 Jul 2012Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://mx.gw.com/pipermail/file/2012/000914.html https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b http://www.debian.org/security/2012/dsa-2422 http://www.mandriva.com/security/advisories?name=MDVSA-2012:035 http://www.ubuntu.com/usn/USN-2123-1