CVE-2015-3205

libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."
Configurations

Configuration 1 (hide)

cpe:2.3:a:libmimedir_project:libmimedir:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/132257/Libmimedir-VCF-Memory-Corruption-Proof-Of-Concept.html - Exploit () http://packetstormsecurity.com/files/132257/Libmimedir-VCF-Memory-Corruption-Proof-Of-Concept.html - Exploit
References () http://www.securityfocus.com/bid/75147 - () http://www.securityfocus.com/bid/75147 -
References () https://www.exploit-db.com/exploits/37249/ - Exploit () https://www.exploit-db.com/exploits/37249/ - Exploit

Information

Published : 2015-06-16 16:59

Updated : 2024-11-21 02:28


NVD link : CVE-2015-3205

Mitre link : CVE-2015-3205

CVE.ORG link : CVE-2015-3205


JSON object : View

Products Affected

libmimedir_project

  • libmimedir
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')