What is CVE-2015-0247?

CVE-2015-0247 is a vulnerability in E2fsprogs_project E2fsprogs, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-02-17.

Is CVE-2015-0247 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in E2fsprogs_project E2fsprogs

CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Vulnerability class: Buffer Overflow

EPSS: 0.009 (54.8th percentile) — read the EPSS interpretation.

Affected products

E2fsprogs_project E2fsprogs
Canonical Ubuntu_linux — versions 10.04, 12.04, 14.04
Debian Debian_linux — versions 7.0
Fedoraproject Fedora — versions 20, 21
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (US Government Resource, x_refsource_MISC)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2015-0247?: CVE-2015-0247 is a vulnerability in E2fsprogs_project E2fsprogs, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-02-17.
Is CVE-2015-0247 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.