Vulnerability Details CVE-2015-0247
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.1%
CVSS Severity
CVSS v2 Score 4.6
References
- http://advisories.mageia.org/MGASA-2015-0061.html
- http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
- http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
- http://www.debian.org/security/2015/dsa-3166
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
- http://www.ocert.org/advisories/ocert-2015-002.html
- http://www.securityfocus.com/archive/1/534633/100/0/threaded
- http://www.securityfocus.com/bid/72520
- http://www.ubuntu.com/usn/USN-2507-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1187032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
- https://security.gentoo.org/glsa/201701-06
- http://advisories.mageia.org/MGASA-2015-0061.html
- http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
- http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
- http://www.debian.org/security/2015/dsa-3166
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
- http://www.ocert.org/advisories/ocert-2015-002.html
- http://www.securityfocus.com/archive/1/534633/100/0/threaded
- http://www.securityfocus.com/bid/72520
- http://www.ubuntu.com/usn/USN-2507-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1187032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
- https://security.gentoo.org/glsa/201701-06
Products affected by CVE-2015-0247
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3b
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3c
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3d
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.4a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5b
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5c
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.01
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.02
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.03
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.04
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.05
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.06
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.07
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.08
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.09
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.12
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.13
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.14
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.15
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.16
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.17
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.18
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.19
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.20
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.21
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.22
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.23
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.24
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.24a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.25
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.26
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.27
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.28
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.29
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.30
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.31
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.32
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.33
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.34
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.35
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.36
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.37
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.38
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.39
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.9
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.0
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.12
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.13
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.14
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.9
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.9
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:fedoraproject:fedora:20
-
cpe:2.3:o:fedoraproject:fedora:21