PT-2019-15051 · Libyal+1 · Liblnk+1
Published
2019-10-06
·
Updated
2024-08-05
·
CVE-2019-17264
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
libyal liblnk versions prior to 20191006
Description
The issue is related to a heap-based buffer over-read in the
liblnk location information read data function, located in liblnk location information.c, due to the use of an incorrect variable name for a certain offset. The vendor has disputed this issue, as described in the GitHub issue.Recommendations
For versions prior to 20191006, update to a version released after 20191006 to resolve the issue.
At the moment, there is no information about additional mitigation measures for this issue.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Liblnk