Your submission was sent successfully! Close

CVE-2015-1572

Published: 16 February 2015

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Priority

Medium

Status

Package Release Status
e2fsprogs
Launchpad, Ubuntu, Debian
lucid
Released (1.41.11-1ubuntu2.3)
precise
Released (1.42-1ubuntu2.2)
trusty
Released (1.42.9-3ubuntu1.2)
upstream Needs triage

utopic
Released (1.42.10-1.1ubuntu1.2)
Patches:
upstream: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73