VIR Vulnerability Intelligence Relay

CVE-2012-0815

medium
Published 2012-06-04 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-0815

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/49110

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48716

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48651

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rpm.org/wiki/Releases/4.9.1.3

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed4.9.1.3-1
debian debianbullseyefixed4.9.1.3-1
debian debianforkyfixed4.9.1.3-1
debian debiansidfixed4.9.1.3-1
debian debiantrixiefixed4.9.1.3-1

Application impact
VendorProductVersionsFixed
rpmrpm{"endIncluding":"4.9.1.2"}
rpmrpm1.2
rpmrpm1.3
rpmrpm1.3.1
rpmrpm1.4
rpmrpm1.4.1
rpmrpm1.4.2
rpmrpm1.4.2\/a
rpmrpm1.4.3
rpmrpm1.4.4
rpmrpm1.4.5
rpmrpm1.4.6
rpmrpm1.4.7
rpmrpm2.0
rpmrpm2.0.1
rpmrpm2.0.2
rpmrpm2.0.3
rpmrpm2.0.4
rpmrpm2.0.5
rpmrpm2.0.6
rpmrpm2.0.7
rpmrpm2.0.8
rpmrpm2.0.9
rpmrpm2.0.10
rpmrpm2.0.11
rpmrpm2.1
rpmrpm2.1.1
rpmrpm2.1.2
rpmrpm2.2
rpmrpm2.2.1
rpmrpm2.2.2
rpmrpm2.2.3
rpmrpm2.2.3.10
rpmrpm2.2.3.11
rpmrpm2.2.4
rpmrpm2.2.5
rpmrpm2.2.6
rpmrpm2.2.7
rpmrpm2.2.8
rpmrpm2.2.9
rpmrpm2.2.10
rpmrpm2.2.11
rpmrpm2.3
rpmrpm2.3.1
rpmrpm2.3.2
rpmrpm2.3.3
rpmrpm2.3.4
rpmrpm2.3.5
rpmrpm2.3.6
rpmrpm2.3.7
rpmrpm2.3.8
rpmrpm2.3.9
rpmrpm2.4.1
rpmrpm2.4.2
rpmrpm2.4.3
rpmrpm2.4.4
rpmrpm2.4.5
rpmrpm2.4.6
rpmrpm2.4.8
rpmrpm2.4.9
rpmrpm2.4.11
rpmrpm2.4.12
rpmrpm2.5
rpmrpm2.5.1
rpmrpm2.5.2
rpmrpm2.5.3
rpmrpm2.5.4
rpmrpm2.5.5
rpmrpm2.5.6
rpmrpm2.6.7
rpmrpm3.0
rpmrpm3.0.1
rpmrpm3.0.2
rpmrpm3.0.3
rpmrpm3.0.4
rpmrpm3.0.5
rpmrpm3.0.6
rpmrpm4.0.
rpmrpm4.0.1
rpmrpm4.0.2
rpmrpm4.0.3
rpmrpm4.0.4
rpmrpm4.1
rpmrpm4.3.3
rpmrpm4.4.2.1
rpmrpm4.4.2.2
rpmrpm4.4.2.3
rpmrpm4.5.90
rpmrpm4.6.0
rpmrpm4.6.1
rpmrpm4.7.0
rpmrpm4.7.1
rpmrpm4.7.2
rpmrpm4.8.0
rpmrpm4.8.1
rpmrpm4.9.0
rpmrpm4.9.1
rpmrpm4.9.1.1

References

CWEs

CWE-189

Verify integrity in audit chain (admin only). AS-IS.