Описание
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libpff | fixed | 20180714-1 | package | |
| libpff | no-dsa | stretch | package |
Примечания
https://github.com/libyal/libpff/issues/61
https://github.com/libyal/libpff/issues/62
https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c
EPSS
Связанные уязвимости
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
Уязвимость функции libpff_item_tree_create_node библиотеки для доступа к файлам PFF и OFF Libpff, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS