CVE-2015-0247
e2fsprogs - security update
EPSS 0.40%
Description
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
How to fix CVE-2015-0247
To remediate CVE-2015-0247, upgrade the affected package to a fixed version below.
- Debian/e2fsprogs—upgrade to 1.42.12-1 or later
- Debian/e2fsprogs—upgrade to 1.41.12-4+deb6u1 or later
- Debian/e2fsprogs—upgrade to 1.42.5-1.1+deb7u1 or later
Is CVE-2015-0247 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.42.12-1
- from 0, < 1.41.12-4+deb6u1
- from 0, < 1.42.5-1.1+deb7u1