CVE-2015-3205

Published: 16/06/2015 Updated: 03/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

libmimedir allows remote malicious users to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."

Vulnerable Product

libmimedir project libmimedir

Vendor Advisories

Debian Bug report logs - #789197
libmimedir: CVE-2015-3205
Package: src:libmimedir; Maintainer for src:libmimedir is Debian QA Group <packages@qa.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Jun 2015 19:39:02 UTC
Severity: grave
Tags: security, upstream
Found in version libmimedir ...

Exploits

#!/usr/bin/python
# libmimedir-free.py
#
# Libmimedir VCF Memory Corruption PoC (CVE-2015-3205)
#
# Jeremy Brown [jbrown3264/gmail]
# June 2015
#
# -Synopsis-
#
# Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls
# which occur during its lexer's memory clean-up procedure. This could lead to exploitable
# condi ...

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution ...