MidnightBSD

Advisories for libfsntfs_project

CVE-2018-11727 LOW

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-200,CWE-125,CWE-200,

Products Affected

Vendor Product Version
libfsntfs_project libfsntfs *
CVE-2018-11728 LOW

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-200,CWE-125,CWE-200,

Products Affected

Vendor Product Version
libfsntfs_project libfsntfs *
CVE-2018-11729 LOW

The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-200,

Products Affected

Vendor Product Version
libfsntfs_project libfsntfs *
CVE-2018-11730 LOW

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

CVSS 2.0

Severity: LOW

Problem Type: CWE-415,

Products Affected

Vendor Product Version
libfsntfs_project libfsntfs *
CVE-2018-11731 LOW

The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-200,

Products Affected

Vendor Product Version
libfsntfs_project libfsntfs *