Sleuthkit: >> The Sleuth Kit >> 4.6.6 Security Vulnerabilities
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
CVSS Score
9.8
EPSS Score
0.014
Published
2020-03-09
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
CVSS Score
9.1
EPSS Score
0.005
Published
2020-03-09
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-08-02
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-08-02