CVE-2012-0060

EPSS 4.9%

rpm - security update

Published: 6/4/2012Modified: 4/28/2026

Description

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Affected packages (2)

Debian/rpmfrom 0, < 4.9.1.3-1
Debian/rpmfrom 0, < 4.8.1-6+squeeze2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-0060