PT-2026-31463 · Unknown · The Sleuth Kit

Published: 2026-04-08 · Updated: 2026-04-17 · CVE-2026-40026

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

The Sleuth Kit versions through 4.14.0

Description

The Sleuth Kit contains an out-of-bounds read issue in the ISO9660 filesystem parser. The parse_susp() function does not properly validate the len_id, len_des, and len_src fields from the disk image before copying data into a stack buffer. This can lead to reads beyond the allocated memory, and a zero-length SUSP entry can cause an infinite loop.

Recommendations

Update to a version newer than 4.14.0.
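The class of checks the description calls for, as an added example: this is not The Sleuth Kit's code and not the upstream fix. It walks a System Use area using the SUSP entry layout (signature, total length, version, payload) and rejects zero-length entries and ER string lengths that do not fit inside the entry; `susp_walk`, `ER_ID_MAX` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ER_ID_MAX 64   /* assumed size of the caller's destination buffer */

/* Walk a System Use area. Each SUSP entry is: 2-byte signature, 1-byte total
 * length (header included), 1-byte version, then payload. Returns the number
 * of entries accepted, or -1 on the first malformed entry. */
int susp_walk(const uint8_t *buf, size_t len, char er_id[ER_ID_MAX])
{
    size_t off = 0;
    int count = 0;
    er_id[0] = '\0';
    while (len - off >= 4) {
        const uint8_t *e = buf + off;
        size_t elen = e[2];
        /* A length of 0 never advances the loop; 1..3 is shorter than the
         * header; anything past the end of the area reads outside the buffer. */
        if (elen < 4 || elen > len - off)
            return -1;
        if (e[0] == 'E' && e[1] == 'R') {
            /* ER: len_id, len_des, len_src, ext_ver, then the three strings. */
            if (elen < 8) return -1;    /* fixed ER fields missing */
            size_t len_id = e[4], len_des = e[5], len_src = e[6];
            if (len_id + len_des + len_src > elen - 8)
                return -1;              /* strings must lie inside the entry */
            if (len_id >= ER_ID_MAX)
                return -1;              /* and fit the destination buffer */
            memcpy(er_id, e + 8, len_id);
            er_id[len_id] = '\0';
        }
        off += elen;
        count++;
    }
    return count;
}

/* Constructed sample areas, not taken from a real image. */
static const uint8_t SAMPLE_OK[] = { 'S','P',7,1,0xBE,0xEF,0,
    'E','R',12,1, 2,1,1,1, 'I','D','d','s' };            /* id="ID" */
static const uint8_t SAMPLE_ZERO_LEN[] = { 'P','X',0,1, 0,0,0,0 };
static const uint8_t SAMPLE_ER_OVERRUN[] = { 'E','R',10,1, 200,0,0,1, 'A','B' };

int main(void)
{
    char id[ER_ID_MAX];
    return susp_walk(SAMPLE_OK, sizeof SAMPLE_OK, id) == 2 ? 0 : 1;
}
```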

Fix

Out-of-bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-40026
OESA-2026-1934
OESA-2026-1935
OESA-2026-1936
OESA-2026-1937
OESA-2026-1938
OESA-2026-1939

Affected Products

The Sleuth Kit