20180428

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

libpff-project

CWE-416

NVD

Published: 2021-08-19

Updated: 2021-08-23

Summary

An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

Vulnerable Configurations

Part	Description	Count
Application	Libpff_Project Libpff Project Libpff 20161119 Libpff Project Libpff 20180428	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/libyal/libpff/issues/62
https://github.com/libyal/libpff/issues/61