The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-200,CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libfsntfs_project | libfsntfs | * |
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-200,CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libfsntfs_project | libfsntfs | * |
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libfsntfs_project | libfsntfs | * |
The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
CVSS 2.0
Severity: LOW
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libfsntfs_project | libfsntfs | * |
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libfsntfs_project | libfsntfs | * |