VYPR
Vendor

Libyal

Products
8
CVEs
21
Across products
21
Status
Private

Products

8

Recent CVEs

21
View all 21 CVEs →
  • CVE-2018-15161MedSep 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments

  • CVE-2018-15160MedSep 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments

  • CVE-2018-15159MedSep 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments

  • CVE-2018-15158MedSep 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments

  • CVE-2018-15157MedSep 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments

  • CVE-2018-12098MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on…

  • CVE-2018-12097MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-12096MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-11731MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-11730MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-11729MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-11728MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as…

  • CVE-2018-11727MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-11723MedJun 19, 2018
    risk 0.36cvss 5.5epss 0.01

    The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in…

  • CVE-2020-18900Aug 19, 2021
    risk 0.00cvss epss 0.00

    A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub

  • CVE-2020-18897Aug 19, 2021
    risk 0.00cvss epss 0.01

    An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

  • CVE-2019-17401Oct 9, 2019
    risk 0.00cvss epss 0.00

    libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub…

  • CVE-2019-17264Oct 6, 2019
    risk 0.00cvss epss 0.00

    In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue

  • CVE-2019-17263Oct 6, 2019
    risk 0.00cvss epss 0.01

    In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE:…

  • CVE-2018-20348Dec 22, 2018
    risk 0.00cvss epss 0.00

    libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.