18 matches found
CVE-2022-45639
SLEUTHKIT: CVE-2022-45639 affects the fls tool (SleuthKit) 4.11.1, enabling OS command injection via a crafted value to the -m parameter. The vulnerability stems from the handling of the input in the m field, potentially allowing an attacker to execute arbitrary commands on the host when run loca...
CVE-2020-10232
The Sleuth Kit (TSK) up to version 4.8.0 contains a stack buffer overflow in the YAFFS file timestamp parsing in yaffsfs_istat() (fs/yaffs.c). Affected component is the YAFFS timestamp parsing logic; impact is high (potential crash or exploitation as implied by CVSS). Remediation: upgrade to newe...
CVE-2020-10233
CVE-2020-10233 affects The Sleuth Kit (TSK) up to version 4.8.0, where a heap-based buffer over-read occurs in ntfs_dinode_lookup (fs/ntfs.c). Exploitation details are not provided in the available documents, but multiple sources indicate this fixed with a 4.9.0 release. Remediation: upgrade to T...
CVE-2018-19497
CVE-2018-19497 affects The Sleuth Kit (TSK) up to 4.6.4 via hfs_cat_traverse in tsk/fs/hfs.c, where an oversized key length can cause a denial of service (SEGV in tsk_getu16 during hfs_dir_open_meta_cb). Public docsets indicate mitigations/patches: Debian LTS/DLA-3054-1 fixes SleuthKit in Debian ...
CVE-2019-1010065
The CVE affects The Sleuth Kit (TSK) 4.6.0 and earlier, where an Integer Overflow in tsk/fs/hfs.c (hfs_cat_traverse()) can cause a crash when opening a crafted HFS disk image. Affected component is the fls tool for HFS images, with the crash trace at hfs_dent.c:237 and references to hfs_cat_trave...
CVE-2017-13760
CVE-2017-13760 affects The Sleuth Kit (TSK) 4.4.2, where fls hangs when processing a corrupt exFAT image due to a flaw in tsk_img_read() (tsk/img/img_io.c, libtskimg.a). The issue is explicitly noted in multiple open-source advisories and Debian/Mageia references tied to TSK 4.4.2 with exFAT scen...
CVE-2017-13755
CVE-2017-13755 affects The Sleuth Kit (TSK) 4.4.2, where opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() (tsk/fs/iso9660_dent.c). Related issues include CVE-2017-13756 (infinite recursion in dos_load_ext_table() used by mmls) and CVE-2017-13760 (fls hang on c...
CVE-2019-14532
CVE-2019-14532 affects The Sleuth Kit (TSK) 4.6.6, with an off-by-one overwrite caused by an underflow in tools/hashtools/hfind.cpp when using a bogus hash table. The vulnerability can be exploited remotely (network) with no authentication and no user interaction, yielding partial confidentiality...
CVE-2017-13756
The Sleuth Kit (TSK) 4.4.2 contains CVE-2017-13756, where opening a crafted disk image triggers infinite recursion in dos_load_ext_table() (tsk/vs/dos.c) inside libtskvs.a, potentially causing a crash. Public notices across distributions report fixes: Debian’s sleuthkit package update (e.g., 4.4....
CVE-2012-5619
Summary (CVE-2012-5619) The Sleuth Kit (TSK) 4.0.1 fails to properly handle "." (dotfile) entries on FAT and other non-reserved-name filesystems, enabling local attackers to obscure forensic activity (e.g., Flame’s demonstration). Connected documents corroborate this dotfile handling issue and it...
CVE-2018-11740
The Sleuth Kit (TSK) vulnerability CVE-2018-11740 affects libtskbase.a (TSK) from releases 4.0.2 through 4.6.1. The issue is an out-of-bounds read in tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c, which could allow an attacker to disclose information or read unmapped memory, potentially causing a den...
CVE-2018-11739
CVE-2018-11739 affects The Sleuth Kit (TSK) libtskimg.a, specifically the raw_read function in tsk/img/raw.c, with out-of-bounds reads in TS K releases 4.0.2–4.6.1. This can disclose memory content or cause a denial of service. The issue is confirmed across multiple connected sources; remediation...
CVE-2018-11737
The Sleuth Kit (TSK) libtskfs.a releases 4.0.2–4.6.1 contain an out-of-bounds read in ntfs_fix_idxrec (tsk/fs/ntfs_dent.cpp) that could disclose information or read from unmapped memory, causing a denial of service (CVE-2018-11737). Related issues include CVE-2018-11738 (ntfs_make_data_run), CVE-...
CVE-2018-11738
The Sleuth Kit (TSK) libtskfs.a versions 4.0.2–4.6.1 are affected by CVE-2018-11738 due to an out-of-bounds read in ntfs_make_data_run (tsk/fs/ntfs.c). This can disclose information or allow reading unmapped memory, potentially causing a denial of service. Connected advisories note fixes in later...
CVE-2019-14531
CVE-2019-14531 describes an out-of-bounds read in The Sleuth Kit (TSK) v4.6.6 while parsing System Use Sharing Protocol data in fs/iso9660.c (iso9660). The issue is tied to TSK’s handling of ISO9660 data; the connected sources confirm the exact affected component and location, but do not provide ...
CVE-2026-40025
The vulnerability CVE-2026-40025 affects Sleuth Kit up to version 4.14.0, in the APFS filesystem keybag parser. The root cause is an out-of-bounds read: the wrapped_key_parser uses attacker-controlled length fields without bounds checking, enabling heap reads past the allocated buffer. A crafted ...
CVE-2026-40024
The vulnerability affects Sleuth Kit up to version 4.14.0, specifically in the tsk_recover component. A path traversal flaw allows an attacker to write files outside the intended recovery directory by crafting filesystem images with embedded /.. sequences in filenames, which can lead to overwriti...
CVE-2026-40026
CVE-2026-40026 affects The Sleuth Kit up to version 4.14.0. The ISO9660 SUSP extension parser’s parse_susp() trusts length fields (len_id, len_des, len_src) from the disk image and copies data into a stack buffer without validating source bounds, enabling reads past the SUSP data buffer and poten...