Vulnerability Details CVE-2018-8754
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2018-8754
-
cpe:2.3:a:libevt_project:libevt:20180125
-
cpe:2.3:a:libevt_project:libevt:2019-12-21
-
cpe:2.3:o:debian:debian_linux:9.0