CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
e2fsprogs_projecte2fsprogs
𝑥
≤ 1.42.11
debiandebian_linux
7.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
e2fsprogs
bookworm
1.47.0-2
fixed
bullseye
1.46.2-2
fixed
bullseye (security)
1.46.2-2+deb11u1
fixed
sid
1.47.1-1
fixed
trixie
1.47.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
e2fsprogs
lucid
Fixed 1.41.11-1ubuntu2.3
released
precise
Fixed 1.42-1ubuntu2.2
released
trusty
Fixed 1.42.9-3ubuntu1.2
released
utopic
Fixed 1.42.10-1.1ubuntu1.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
e2fsprogs
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 12
1.42.11-7.1
fixed
suse enterprise sap 12 SP5
1.43.8-3.8.1
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 12
1.42.11-7.1
fixed
suse enterprise server 12 SP1
1.42.11-7.1
fixed
suse enterprise server 12 SP2
1.42.11-7.1
fixed
suse enterprise server 12 SP5
1.43.8-3.8.1
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
e2fsprogs-devel
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libcom_err-devel
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libcom_err-devel-static
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libcom_err2
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 12
1.42.11-7.1
fixed
suse enterprise sap 12 SP5
1.43.8-3.8.1
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 12
1.42.11-7.1
fixed
suse enterprise server 12 SP1
1.42.11-7.1
fixed
suse enterprise server 12 SP2
1.42.11-7.1
fixed
suse enterprise server 12 SP5
1.43.8-3.8.1
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libcom_err2-32bit
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 12
1.42.11-7.1
fixed
suse enterprise sap 12 SP5
1.43.8-3.8.1
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 12
1.42.11-7.1
fixed
suse enterprise server 12 SP1
1.42.11-7.1
fixed
suse enterprise server 12 SP2
1.42.11-7.1
fixed
suse enterprise server 12 SP5
1.43.8-3.8.1
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libext2fs-devel
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libext2fs-devel-static
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
libext2fs2
suse enterprise desktop 15
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP1
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP2
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP3
1.43.8-4.3.1
fixed
suse enterprise desktop 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise desktop 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise desktop 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise desktop 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise sap 12
1.42.11-7.1
fixed
suse enterprise sap 12 SP5
1.43.8-3.8.1
fixed
suse enterprise sap 15
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP1
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP2
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP3
1.43.8-4.3.1
fixed
suse enterprise sap 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise sap 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise sap 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise sap 15 SP7
1.47.0-150600.4.6.2
fixed
suse enterprise server 12
1.42.11-7.1
fixed
suse enterprise server 12 SP1
1.42.11-7.1
fixed
suse enterprise server 12 SP2
1.42.11-7.1
fixed
suse enterprise server 12 SP5
1.43.8-3.8.1
fixed
suse enterprise server 15
1.43.8-4.3.1
fixed
suse enterprise server 15 SP1
1.43.8-4.3.1
fixed
suse enterprise server 15 SP2
1.43.8-4.3.1
fixed
suse enterprise server 15 SP3
1.43.8-4.3.1
fixed
suse enterprise server 15 SP4
1.46.4-150400.1.80
fixed
suse enterprise server 15 SP5
1.46.4-150400.3.3.1
fixed
suse enterprise server 15 SP6
1.47.0-150600.2.26
fixed
suse enterprise server 15 SP7
1.47.0-150600.4.6.2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
e2fsprogs
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
e2fsprogs-debuginfo
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
e2fsprogs-devel
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
e2fsprogs-libs
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
e2fsprogs-static
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
libcom_err
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
libcom_err-devel
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
libss
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
libss-devel
Amazon Linux 1
0:1.42.12-4.35.amzn1
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0061.html
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
http://www.debian.org/security/2015/dsa-3166
http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
http://www.ocert.org/advisories/ocert-2015-002.html
http://www.securityfocus.com/archive/1/534633/100/0/threaded
http://www.securityfocus.com/bid/72520
http://www.ubuntu.com/usn/USN-2507-1
https://bugzilla.redhat.com/show_bug.cgi?id=1187032
https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
https://security.gentoo.org/glsa/201701-06
http://advisories.mageia.org/MGASA-2015-0061.html
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
http://www.debian.org/security/2015/dsa-3166
http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
http://www.ocert.org/advisories/ocert-2015-002.html
http://www.securityfocus.com/archive/1/534633/100/0/threaded
http://www.securityfocus.com/bid/72520
http://www.ubuntu.com/usn/USN-2507-1
https://bugzilla.redhat.com/show_bug.cgi?id=1187032
https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
https://security.gentoo.org/glsa/201701-06