The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/Jun/15 | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/Jun/15 | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 03:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html - Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2018/Jun/15 - Mailing List, Third Party Advisory |
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
Summary | The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub |
Information
Published : 2018-06-19 21:29
Updated : 2024-11-21 03:43
NVD link : CVE-2018-11723
Mitre link : CVE-2018-11723
CVE.ORG link : CVE-2018-11723
JSON object : View
Products Affected
libpff_project
- libpff
CWE
CWE-125
Out-of-bounds Read