20180428

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

libpff-project

CWE-835

NVD

Published: 2018-12-22

Updated: 2019-10-03

Summary

libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.

Vulnerable Configurations

Part	Description	Count
Application	Libpff_Project Libpff Project Libpff 20161119 Libpff Project Libpff 20180428	2

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/libyal/libpff/issues/48