CVE-2017-9831

Name of the Vulnerable Software and Affected Versions libmtp versions 1.1.12 and below

Description The issue is related to an integer overflow in the ptp unpack EOS CustomFuncEx function, located in the ptp-pack.c file. This allows attackers to potentially cause a denial of service due to out-of-bounds memory access or possibly achieve remote code execution. The attack vector involves inserting a mobile device into a personal computer via a USB cable.

Recommendations For libmtp versions 1.1.12 and below, consider updating to a version above 1.1.12 to resolve the issue. As a temporary workaround, restrict the use of the ptp unpack EOS CustomFuncEx function until a patch is available.