CVE-2018-20348

The CVE-2018-20348 entry documents a local-denial-of-service vulnerability in libpff: specifically, libpff_item_tree_create_node in libpff_item_tree.c (before experimental-20180714) can be triggered by a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. Exploitation would ...

CVE-2020-18897

CVE-2020-18897 is a use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623. The flaw allows a crafted pff file to cause denial of service or execute arbitrary code. The provided documents identify the affected component and the underlying cause ...