RSS   Vulnerabilities for 'Libpff'   RSS

2021-08-19
 
CVE-2020-18897

CWE-416
 

 
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

 
2018-06-19
 
CVE-2018-11723

CWE-125
 

 
** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub.

 


Copyright 2024, cxsecurity.com

 

Back to Top