CVE-2012-1571
file: out of bounds read in CDF parser
Public Exploits: 2
Exploited in Wild: -
Descriptions
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
SSVC
- Decision: -
Timeline
- 2012-03-12 CVE Reserved
- 2012-03-23 CVE Published
- 2024-08-05 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
References (8)
URL | Date |
---|---|
https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 | 2024-08-06 |
https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b | 2024-08-06 |
http://mx.gw.com/pipermail/file/2012/000914.html | 2014-03-08 |
http://www.debian.org/security/2012/dsa-2422 | 2014-03-08 |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035 | 2014-03-08 |
http://www.ubuntu.com/usn/USN-2123-1 | 2014-03-08 |
https://access.redhat.com/security/cve/CVE-2012-1571 | 2014-10-13 |
https://bugzilla.redhat.com/show_bug.cgi?id=805197 | 2014-10-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Christos Zoulas | File | <= 5.10 | - | Affected |
Tim Robbins | Libmagic | * | - | Affected |