Vulnerability Description
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libpff Project | Libpff | <= 20180428 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-DiscloThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jun/15Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-DiscloThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jun/15Mailing ListThird Party Advisory
FAQ
What is CVE-2018-11723?
CVE-2018-11723 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) vi...
How severe is CVE-2018-11723?
CVE-2018-11723 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11723?
Check the references section above for vendor advisories and patch information. Affected products include: Libpff Project Libpff.