CVE-2018-15157

Name of the Vulnerable Software and Affected Versions libfsclfs versions prior to 2018-07-25

Description The issue allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. This is due to a problem in the libfsclfs block read function in libfsclfs block.c. The vendor has disputed this issue as described in the GitHub issue comments.

Recommendations For versions prior to 2018-07-25, consider updating to a version released after 2018-07-25 to resolve the issue. As a temporary workaround, consider restricting access to crafted clfs files to minimize the risk of exploitation.