CVE-2012-1571

MEDIUM

Christos Zoulas File < 5.10 - Memory Corruption

Title source: rule

Description

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

References (6)

[Patch] http://mx.gw.com/pipermail/file/2012/000914.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2012:035

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2123-1

[Exploit, Patch] https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295

[Exploit, Patch] https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2422

Scores

CVSS v3 6.5

EPSS 0.0023

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119 CWE-125

Status draft

Affected Products (2)

christos_zoulas/file < 5.10

tim_robbins/libmagic

Timeline

Published Jul 17, 2012

Tracked Since Feb 18, 2026