CVE-2013-2124
LibguestFS 1.20.x < 1.20.7, 1.21.x, 1.22.0, 1.23.0 - Denial of Service via Empty Guest Files
Title source: llmDescription
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
References (7)
Core 7
Core References
Patch mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q2/431
Exploit, Patch x_refsource_confirm
https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85145
Patch mailing-list
x_refsource_mlist
https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
Patch mailing-list
x_refsource_mlist
https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/93724
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/60205
Scores
EPSS
0.0260
EPSS Percentile
83.3%
Details
Status
published
Products (49)
libguestfs/libguestfs
1.20.0
libguestfs/libguestfs
1.20.1
libguestfs/libguestfs
1.20.2
libguestfs/libguestfs
1.20.3
libguestfs/libguestfs
1.20.4
libguestfs/libguestfs
1.20.5
libguestfs/libguestfs
1.20.6
libguestfs/libguestfs
1.21.1
libguestfs/libguestfs
1.21.2
libguestfs/libguestfs
1.21.3
... and 39 more
Published
May 27, 2014
Tracked Since
Feb 18, 2026