CVE-2015-1572

Published: Feb 24, 2015Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Affected (6)

Products: E2fsprogs Project: E2fsprogs · Debian: Debian Linux · Canonical: Ubuntu Linux

E2fsprogs Project

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
E2fsprogs Project E2fsprogs	Up to 1.42.11

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://advisories.mageia.org/MGASA-2015-0088.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3166

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:067

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:068

Source: cve@mitre.org

http://www.securityfocus.com/bid/72709

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2507-1

Source: cve@mitre.org

https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73

Source: cve@mitre.org

Vendor Advisory

https://security.gentoo.org/glsa/201507-22

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2015-0088.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3166

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:067

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:068

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72709

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2507-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201507-22

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.