CVE-2014-2885

Name of the Vulnerable Software and Affected Versions TrueCrypt version 7.1a

Description The issue allows local users to obtain sensitive information or cause a denial of service. This is achieved through multiple integer overflows, specifically via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.

Recommendations For TrueCrypt version 7.1a, consider disabling the MainThreadProc function and restricting access to the ProcessVolumeDeviceControlIrp function in Ntdriver.c to minimize the risk of exploitation. Avoid using large StartingOffset and Length values in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.