AI Score
Confidence
High
EPSS
Percentile
58.3%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
[
{
"cpes": [
"cpe:2.3:a:libfsntfs_project:libfsntfs:*:*:*:*:*:*:*:*"
],
"vendor": "libfsntfs_project",
"product": "libfsntfs",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "20180420"
}
],
"defaultStatus": "unknown"
}
]