CVE-2026-47224

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...

CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

Debian DLA-3054-1 : sleuthkit - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3054 advisory. - In The Sleuth Kit TSK 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660procdir in tsk/fs/iso9660dent.c in libtskfs.a, as...

GHSA-G2J5-7VGX-6XRX OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfsdent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfscattraverse in lines: 952, 1062. The attack...

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfsdent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfscattraverse in lines: 952, 1062. The attack...

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfsdent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfscattraverse in lines: 952, 1062. The attack...

Apple macOS High Sierra Disk Images Arbitrary Application Launch Vulnerability

Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers.Disk Images is one of the components of the Disk Image Format. A security vulnerability exists in the Disk Images component of Apple macOS High Sierra versions prior to 10.13.4. The vulnerability can be...

CVE-2018-4176

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image...

The Sleuth Kit Buffer Overflow Vulnerability (CNVD-2017-28573)

The Sleuth Kit TSK is a collection of data forensic tools developed by software developer Brian Carrier. The tools are able to analyze file systems such as FAT, NTFS, UFS, etc. and provide detailed information about the file system, including deleted data. A security vulnerability exists in TSK...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

Code injection

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

DEBIAN-CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

UBUNTU-CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

PT-2017-13078 · Tsk +1 · The Sleuth Kit +1

Name of the Vulnerable Software and Affected Versions: The Sleuth Kit TSK version 4.4.2 Description: The issue is triggered by opening a crafted disk image, leading to infinite recursion in the dos load ext table function in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. Recommendations: Fo...