CVE-2012-1571 – file: out of bounds read in CDF parser

https://notcve.org/view.php?id=CVE-2012-1571

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. archivo antes de v5.11 y libmagic permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo de documento elaborado compuesto (CDF) que activa (1) una lectura fuera de límites o (2) una desreferencia de puntero no válido. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://mx.gw.com/pipermail/file/2012/000914.html http://www.debian.org/security/2012/dsa-2422 http://www.mandriva.com/security/advisories?name=MDVSA-2012:035 http://www.ubuntu.com/usn/USN-2123-1 https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b https://access.redhat.com/security/cve/CVE-2012-1571 https://bugzilla.redhat.com/show_bug.cgi?id=805197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •