Description
In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/libyal/liblnk/issues/38
Patch, Third Party Advisory x_refsource_misc
https://github.com/libyal/liblnk/compare/20181227...20191006
Scores
CVSS v3
3.3
EPSS
0.0043
EPSS Percentile
34.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-125
CWE-682
Status
published
Products (1)
liblnk_project/liblnk
< 20191006
Published
Oct 06, 2019
Tracked Since
Feb 18, 2026