CVE-2020-18897

Name of the Vulnerable Software and Affected Versions Libpff versions prior to 20180623

Description The issue is related to an use-after-free vulnerability in the libpff item tree create node function, which allows attackers to cause a denial of service or execute arbitrary code via a crafted pff file. This vulnerability can also lead to unauthorized access to confidential data and disruption of data integrity.

Recommendations For versions prior to 20180623, update to a version released after 20180623 to resolve the issue. As a temporary workaround, consider restricting the use of the libpff item tree create node function until a patch is available. Avoid using crafted pff files to minimize the risk of exploitation.