CVE-2018-11730

MEDIUM

Libfsntfs < 20180420 - Double Free

Title source: rule

Description

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

References (2)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jun/17

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

libfsntfs_project/libfsntfs < 20180420

Timeline

Published Jun 19, 2018

Tracked Since Feb 18, 2026