CVE-2015-1572
e2fsprogs - security update
EPSS 0.15%
Description
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
How to fix CVE-2015-1572
To remediate CVE-2015-1572, upgrade the affected package to one of the fixed versions listed below (the first line applies to Debian 7 "wheezy", the second to Debian 6 "squeeze" builds, as indicated by the deb6u2 suffix).
- Debian/e2fsprogs—upgrade to 1.42.12-1.1 or later
- Debian/e2fsprogs—upgrade to 1.41.12-4+deb6u2 or later
Is CVE-2015-1572 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/e2fsprogs: all versions from 0 up to, but not including, 1.42.12-1.1
- Debian/e2fsprogs: all versions from 0 up to, but not including, 1.41.12-4+deb6u2