CVE-2015-8872
MEDIUM6.2EPSS 0.09%dosfstools - security update
Published: 6/3/2016Modified: 4/28/2026
Description
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Affected packages (3)
- Debian/dosfstoolsfrom 0, < 4.0-1
- Debian/dosfstoolsfrom 0, < 3.0.27-1+deb8u1
- Debian/dosfstoolsfrom 0, < 3.0.13-1+deb7u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.2 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |