{"id":"USN-4142-1","summary":"e2fsprogs vulnerability","details":"It was discovered that e2fsprogs incorrectly handled certain ext4 partitions.\nAn attacker could possibly use this issue to execute arbitrary code.\n","modified":"2026-02-10T04:41:38Z","published":"2019-09-30T12:31:47Z","related":["UBUNTU-CVE-2019-5094"],"upstream":["CVE-2019-5094","UBUNTU-CVE-2019-5094"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4142-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-5094"}],"affected":[{"package":{"name":"e2fsprogs","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/e2fsprogs@1.42.13-1ubuntu1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.42.13-1ubuntu1.1"}]}],"versions":["1.42.12-1ubuntu2","1.42.13-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1-1.42.13-1ubuntu1.1","binary_name":"comerr-dev"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"e2fsck-static"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"e2fslibs"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"e2fslibs-dev"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"e2fsprogs"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"libcomerr2"},{"binary_version":"1.42.13-1ubuntu1.1","binary_name":"libss2"},{"binary_version":"2.0-1.42.13-1ubuntu1.1","binary_name":"ss-dev"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2019-5094","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4142-1.json"}},{"package":{"name":"e2fsprogs","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/e2fsprogs@1.44.1-1ubuntu1.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.44.1-1ubuntu1.2"}]}],"versions":["1.43.5-1","1.43.7-1","1.43.8-1ubuntu1","1.43.8-2","1.43.9-1","1.43.9-1ubuntu1","1.43.9-2","1.44.0-1","1.44.1-1","1.44.1-1ubuntu1","1.44.1-1ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1-1.44.1-1ubuntu1.2","binary_name":"comerr-dev"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"e2fsck-static"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"e2fslibs"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"e2fslibs-dev"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"e2fsprogs"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"e2fsprogs-l10n"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"fuse2fs"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"libcom-err2"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"libcomerr2"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"libext2fs-dev"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"libext2fs2"},{"binary_version":"1.44.1-1ubuntu1.2","binary_name":"libss2"},{"binary_version":"2.0-1.44.1-1ubuntu1.2","binary_name":"ss-dev"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2019-5094","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4142-1.json"}}],"schema_version":"1.7.3"}