The Sleuth Kit
Sign in to watchby Sleuthkit
Source repositories
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40024 | Hig | 0.39 | 7.1 | 0.00 | Apr 8, 2026 | The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries. | |
| CVE-2017-13760 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2017 | In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | |
| CVE-2017-13756 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2017 | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | |
| CVE-2017-13755 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2017 | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | |
| CVE-2026-40026 | Med | 0.22 | 4.4 | 0.00 | Apr 8, 2026 | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop. | |
| CVE-2026-40025 | Med | 0.22 | 4.4 | 0.00 | Apr 8, 2026 | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes. | |
| CVE-2012-5619 | 0.00 | — | 0.00 | Sep 29, 2014 | The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame. |