
Bug 635232

Summary: app-forensics/sleuthkit: Multiple vulnerabilities
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: minor
CC: gokturk
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [ebuild cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 21:23:09 UTC
CVE-2017-13760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13760):
  In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in
  tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

CVE-2017-13756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13756):
  In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers
  infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as
  demonstrated by mmls.

CVE-2017-13755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13755):
  In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an
  out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in
  libtskfs.a, as demonstrated by fls.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-23 21:24:32 UTC
@Maintainer could you please confirm if we are affected by these CVEs?

Thank you

Comment 2 Göktürk Yüksek archtester gentoo-dev 2017-10-23 21:41:15 UTC
This is a duplicate of bug 629352

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-23 22:51:26 UTC
Thanks, sorry, couldn't catch the other two aliases.

*** This bug has been marked as a duplicate of bug 629352 ***