VYPR
Medium severity5.5NVD Advisory· Published Jun 19, 2018· Updated Jun 17, 2026

CVE-2018-12097

CVE-2018-12097

Description

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub

Affected products

2
  • Libyal/Liblnkinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=2018-04-19

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.