PT-2018-15320 · Libpff · Libpff

Leonzhao7

Published

2018-12-22

Updated

2019-10-03

CVE-2018-20348

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libpff versions prior to experimental-20180714

Description The issue allows attackers to cause a denial of service, specifically an infinite recursion, via a crafted file. This is related to the function libfdata tree get node value in libfdata tree.c.

Recommendations For versions prior to experimental-20180714, update to a version that includes the fix for the infinite recursion issue in libpff item tree create node.

Exploit

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2018-20348

Affected Products

Libpff

PT-2018-15320 · Libpff · Libpff

CVE-2018-20348

Weakness Enumeration

Related Identifiers

Affected Products

References · 8