CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1572
https://notcve.org/view.php?id=CVE-2015-1572
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. Desbordamiento de buffer basado en memoria dinámica en closefs.c en la libraría libext2fs en e2fsprogs anterior a 1.42.12 permite a usuarios locales ejecutar código arbitrario al causar que un descriptor manipulado de grupos en bloques se marque como sucio. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-0247. • http://advisories.mageia.org/MGASA-2015-0088.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html http://www.debian.org/security/2015/dsa-3166 http://www.mandriva.com/security/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0247
https://notcve.org/view.php?id=CVE-2015-0247
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Desbordamiento de buffer basado en memoria dinámica en openfs.c en la libraría libext2fs en e2fsprogs anterior a 1.42.12 permite a usuarios locales ejecutar código arbitrario a través de datos manipulados del descriptor de grupos en bloque en una imagen del sistema de ficheros. • http://advisories.mageia.org/MGASA-2015-0061.html http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 10%CPEs: 41EXPL: 0CVE-2007-5497 – e2fsprogs multiple integer overflows
https://notcve.org/view.php?id=CVE-2007-5497
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. Múltiples desbordamientos enteros en libext2fs en e2fsprogs versiones anteriores a 1.40.3, permiten a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una imagen del sistema de archivos especialmente diseñada. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://lists.vmware.com/pipermail/security-announce/2008/000007.html http://secunia.com/advisories/27889 http://secunia.com/advisories/27965 http://secunia.com/advisories/27987 http://secunia.com/advisories/28000 http://secunia.com/advisories/28030 http://secunia.com/advisories/28042 http://secunia.com/advisories/28360 http://secunia.com/advisories/28541 http://secunia.com/advisories/28648 http://secunia.com • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •