vendor:
Libmimedir
by:
Jeremy Brown
9.3
CVSS
HIGH
Memory Corruption
119
CWE
Product Name: Libmimedir
Affected Version From: libmimedir-0.5.1.tar.gz
Affected Version To: libmimedir-static 0.4-13.fc21
Patch Exists: NO
Related CWE: CVE-2015-3205
CPE: a:libmimedir:libmimedir
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015
Libmimedir VCF Memory Corruption PoC (CVE-2015-3205)
Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
Mitigation:
Upgrade to the latest version of libmimedir.