An use-after-free vulnerability in the libpffitemtreecreatenode function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "20180714-2", "binary_name": "libpff-dev" }, { "binary_version": "20180714-2", "binary_name": "libpff1" }, { "binary_version": "20180714-2", "binary_name": "libpff1-dbgsym" }, { "binary_version": "20180714-2", "binary_name": "pff-tools" }, { "binary_version": "20180714-2", "binary_name": "pff-tools-dbgsym" }, { "binary_version": "20180714-2", "binary_name": "python3-pypff" }, { "binary_version": "20180714-2", "binary_name": "python3-pypff-dbgsym" } ] }