Vulnerabilities > CVE-2018-11730 - Double Free vulnerability in Libfsntfs Project Libfsntfs 20180420

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

libfsntfs-project

CWE-415

NVD

Published: 2018-06-19

Updated: 2024-04-11

Summary

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

Vulnerable Configurations

Part	Description	Count
Application	Libfsntfs_Project Libfsntfs Project Libfsntfs 20180420	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Statements

contributor	Joachim Metz
lastmodified	2018-08-09
organization	libfsntfs
statement	See https://github.com/libyal/libfsntfs/issues/8 for more information.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Statements

References