Vulnerabilities > CVE-2018-20348 - Infinite Loop vulnerability in Libpff Project Libpff 20161119/20180428

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
libpff-project
CWE-835

Summary

libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.

Vulnerable Configurations

Part Description Count
Application
Libpff_Project
2