PT-2017-3254 · Libmtp

Published: 2017-03-16 · Updated: 2020-04-05 · CVE-2017-9832

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libmtp versions 1.1.12 and below

Description: The issue is an integer overflow in the ptp_unpack_OPL function of the ptp-pack.c file in the libmtp library. An attacker can exploit this error to potentially cause a denial of service or execute arbitrary code when a mobile device is connected to a computer via a USB cable.

Recommendations: For libmtp versions 1.1.12 and below, consider disabling the ptp_unpack_OPL function as a temporary workaround until a patch is available. Restrict access to the ptp-pack.c file to minimize the risk of exploitation. Avoid using the libmtp library for USB connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Integer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2017-1445
BDU:2018-00010
CVE-2017-9832
DLA-1029-1
DLA-2169-1
MGASA-2017-0225

Affected products

Alt Linux
Libmtp