exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2012-1571

Status Candidate

Overview

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

Related Files

Red Hat Security Advisory 2014-1606-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1606-02 - The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-1571, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480
SHA-256 | abe0ed469d7ae83d0ad40aebd791f00a02439feaa1060a6f6cfecd1c3806dafe
Red Hat Security Advisory 2014-1012-01
Posted Aug 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1012-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. Two denial of service flaws were found in the way the File Information extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

tags | advisory, remote, web, denial of service, php
systems | linux, redhat
advisories | CVE-2012-1571, CVE-2013-6712, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721
SHA-256 | 75d69ed5db0c26d8fff244ccb4d6071a528c9b06c9770c22a68c4d391a8305a7
FreeBSD Security Advisory - file / libmagic
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.

tags | advisory
systems | freebsd
advisories | CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
SHA-256 | 55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77
Ubuntu Security Notice USN-2123-1
Posted Feb 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1571, CVE-2014-1943, CVE-2012-1571, CVE-2014-1943
SHA-256 | c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10
Gentoo Linux Security Advisory 201209-14
Posted Sep 26, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-14 - A vulnerability in file could result in Denial of Service. Versions less than 5.11 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2012-1571
SHA-256 | d90a09d687cc30bad929972ba061bd394f735723d6508ffe9243ec770a0f54b0
Debian Security Advisory 2422-2
Posted May 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2422-2 - A regression was discovered in the security update for file, which lead to false positives on the CDF format. This update fixes that regression.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1571
SHA-256 | da5587655e5758f4b0e013bb717efdacb652bee005900188f3319cb5f1be004b
Mandriva Linux Security Advisory 2012-035
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-035 - Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 has been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1571
SHA-256 | 4047982958ece3e56808e6732bee8a5b66fdecf385ac7aecc0043d63cb942a06
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close