[SECURITY] [DLA 2169-1] libmtp security update

2020-04-05 14:48:23
lists.debian.org
CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVSS3: 6.8 Medium (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.6 High (Confidence: High)
EPSS: 0.009 Low (Percentile: 83.0%)

Package : libmtp
Version : 1.1.8-1+deb8u1
CVE ID : CVE-2017-9831 CVE-2017-9832

libmtp is a library for communicating with MTP-aware devices. The Media
Transfer Protocol (commonly referred to as MTP) is a set of custom
extensions devised to support the transfer of music files on USB digital
audio players and movie files on USB portable media players.

CVE-2017-9831

An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
function of the ptp-pack.c file allows attackers to cause a denial of
service (out-of-bounds memory access) or possibly remote code execution
by connecting a mobile device to a personal computer through a USB cable.

CVE-2017-9832

An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function)
allows attackers to cause a denial of service (out-of-bounds memory
access) or possibly remote code execution by connecting a mobile device
to a personal computer through a USB cable.

For Debian 8 "Jessie", these problems have been fixed in version
1.1.8-1+deb8u1.

We recommend that you upgrade your libmtp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
