CVE-2015-3205

libmimedir - Remote Code Execution via Malformed VCF File

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3205. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in libmimedir by crafting a malicious VCF file with NULL bytes to manipulate free() calls during lexer cleanup, potentially leading to arbitrary code execution.

Description

libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."

Exploits (1)

exploitdb WORKING POC

by Jeremy Brown · pythondoslinux

https://www.exploit-db.com/exploits/37249

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in libmimedir by crafting a malicious VCF file with NULL bytes to manipulate free() calls during lexer cleanup, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: libmimedir (0.5.1, 0.4-13.fc21)

No auth needed

Prerequisites: Ability to deliver a malicious VCF file to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/132257/Libmimedir-VCF-Memory-Corruption-Proof-Of-Concept.html

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37249/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75147

Scores

EPSS 0.1067

EPSS Percentile 95.2%

Details

CWE

CWE-74

Status published

Products (1)

libmimedir_project/libmimedir

Published Jun 16, 2015

Tracked Since Feb 18, 2026