PT-2017-3254 · Libmtp+1

Published: 2017-03-16 · Updated: 2020-04-05 · CVE-2017-9832

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libmtp versions 1.1.12 and below

Description

The issue is an integer overflow in the ptp_unpack_OPL function in the ptp-pack.c file of the libmtp library. An attacker can exploit this error, potentially causing a denial of service or executing arbitrary code, when a mobile device is connected to a computer via a USB cable.

Recommendations

For libmtp versions 1.1.12 and below, consider disabling the ptp_unpack_OPL function as a temporary workaround until a patch is available. Restrict access to the ptp-pack.c file to minimize the risk of exploitation. Avoid using the libmtp library for USB connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1445
BDU:2018-00010
CVE-2017-9832
DLA-1029-1
DLA-2169-1
MGASA-2017-0225

Affected Products

Alt Linux
Libmtp