CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11723

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.6%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 1.9

References

http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html
http://seclists.org/fulldisclosure/2018/Jun/15
http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html
http://seclists.org/fulldisclosure/2018/Jun/15

Products affected by CVE-2018-11723

Libpff Project » Libpff » Version: 20161119

cpe:2.3:a:libpff_project:libpff:20161119
Libpff Project » Libpff » Version: 20180428

cpe:2.3:a:libpff_project:libpff:20180428

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11723

Products

Pricing

Contact Us