Upstream information

CVE-2012-1571 at MITRE

Description

file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 753303 [RESOLVED / FIXED], 883306 [RESOLVED / ], 884986 [RESOLVED / FIXED], 987530 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 12 SP2
  • file >= 5.19-9.1
  • file-debuginfo >= 5.19-9.1
  • file-debugsource >= 5.19-9.1
  • file-magic >= 5.19-9.1
  • libmagic1 >= 5.19-9.1
  • libmagic1-32bit >= 5.19-9.1
  • libmagic1-debuginfo >= 5.19-9.1
  • libmagic1-debuginfo-32bit >= 5.19-9.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA file
SUSE Linux Enterprise Server 12 SP2 GA file-debuginfo
openSUSE 11.4
  • file >= 5.04-13.1
  • file-32bit >= 5.04-13.1
  • file-debuginfo >= 5.04-13.1
  • file-debuginfo-32bit >= 5.04-13.1
  • file-debugsource >= 5.04-13.1
  • file-devel >= 5.04-13.1
  • python-magic >= 5.04-13.1
  • python-magic-debuginfo >= 5.04-13.1
  • python-magic-debugsource >= 5.04-13.1
Patchnames:
openSUSE-2012-221
openSUSE 13.2
  • file >= 5.19-3.1.2
  • file-devel >= 5.19-3.1.2
  • file-magic >= 5.19-3.1.2
  • libmagic1 >= 5.19-3.1.2
  • libmagic1-32bit >= 5.19-3.1.2
Patchnames:
openSUSE 13.2 GA file
openSUSE Leap 42.1
  • file >= 5.19-5.5
  • file-devel >= 5.19-5.5
  • file-magic >= 5.19-5.5
  • libmagic1 >= 5.19-5.5
  • libmagic1-32bit >= 5.19-5.5
Patchnames:
openSUSE Leap 42.1 GA file
openSUSE Leap 42.2
  • file >= 5.19-6.53
  • file-devel >= 5.19-6.53
  • file-magic >= 5.19-6.53
  • libmagic1 >= 5.19-6.53
  • libmagic1-32bit >= 5.19-6.53
Patchnames:
openSUSE Leap 42.2 GA file