5 matches found
CVE-2019-17264
CVE-2019-17264 concerns the libyal liblnk library. Affected: liblnk prior to 20191006. The issue is a heap-based buffer over-read in liblnk_location_information_read_data caused by using an incorrect variable name for an offset. The vendor has disputed this in the related GitHub issue. Impact is ...
CVE-2018-12098
The vulnerability CVE-2018-12098 affects liblnk up to 2018-04-19, caused by the liblnk_data_block_read() function in liblnk_data_block.c, leading to a heap-based buffer over-read via a crafted .lnk file. Exploitation details are not fully disclosed in the provided documents; vendor dispute is not...
CVE-2019-17401
CVE-2019-17401 refers to a heap/over-read issue in libyal liblnk 20191006, specifically in liblnk_location_information_read_data within the network_share_name_offset>20 code block. This is described as a different issue from CVE-2019-17264, and the vendor has disputed it (GitHub issue referenc...
CVE-2018-12097
The CVE affects the liblnk library: the function liblnk_location_information_read_data in liblnk_location_information.c (liblnk up to 2018-04-19) allows an attacker to cause information disclosure via a crafted .lnk file. The vulnerability is a heap-based buffer over-read. Vendors dispute the cla...
CVE-2018-12096
The vulnerability CVE-2018-12096 affects liblnk (liblnk_data_string.c: liblnk_data_string_get_utf8_string_size) where a crafted .lnk file may cause heap-based buffer over-read leading to information disclosure. The vendor disputes this issue (libyal/liblnlk issue 33 on GitHub). The connected reco...