20180428

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

libpff-project

CWE-416

NVD

Published: 2021-08-19

Updated: 2024-11-21

Summary

An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

Vulnerable Configurations

Part	Description	Count
Application	Libpff_Project Libpff Project Libpff 20161119 Libpff Project Libpff 20180428	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/libyal/libpff/issues/61
https://github.com/libyal/libpff/issues/61
https://github.com/libyal/libpff/issues/62
https://github.com/libyal/libpff/issues/62