Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-11723
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Jun, 2018 | 21:29
Updated At-11 Jun, 2024 | 19:16

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary2.01.9LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
libpff_project
libpff_project
>>libpff>>Versions up to 20180428(inclusive)
cpe:2.3:a:libpff_project:libpff:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : libpff
Last Modified : 2018-08-10T09:28:21.403

For more information please visit https://github.com/libyal/libpff/issues/66.

References
HyperlinkSourceResource
http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.htmlcve@mitre.org
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Jun/15cve@mitre.org
Mailing List
Third Party Advisory
Change History
0Changes found
Details not found