CVE-2015-1572

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
e2fsprogs_projecte2fsprogs
𝑥
≤ 1.42.11
debiandebian_linux
7.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
e2fsprogs
bullseye
1.46.2-2
fixed
bullseye (security)
1.46.2-2+deb11u1
fixed
bookworm
1.47.0-2
fixed
sid
1.47.1-1
fixed
trixie
1.47.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
e2fsprogs
utopic
Fixed 1.42.10-1.1ubuntu1.2
released
trusty
Fixed 1.42.9-3ubuntu1.2
released
precise
Fixed 1.42-1ubuntu2.2
released
lucid
Fixed 1.41.11-1ubuntu2.3
released
References