CVE-2018-11730

Name of the Vulnerable Software and Affected Versions libfsntfs versions through 2018-04-20

Description The issue allows remote attackers to cause a denial of service via a crafted ntfs file, specifically through a double-free in the libfsntfs security descriptor values free function. The vendor has disputed this issue, as described in libyal/libfsntfs issue 8 on GitHub.

Recommendations For versions through 2018-04-20, consider disabling the libfsntfs security descriptor values free function as a temporary workaround until a patch is available. Restrict access to crafted ntfs files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.