** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Jun/33 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2018-06-19 14:29
Updated : 2018-08-31 20:29
NVD link : CVE-2018-12097
Mitre link : CVE-2018-12097
JSON object : View
Products Affected
liblnk_project
- liblnk