Bug 635232 - app-forensics/sleuthkit: Multiple vulnerabilities
Summary: app-forensics/sleuthkit: Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 629352
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [ebuild cve]
Reported: 2017-10-23 21:23 UTC by GLSAMaker/CVETool Bot
Modified: 2017-10-23 22:51 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 21:23:09 UTC
CVE-2017-13760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13760):
  In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in
  tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

CVE-2017-13756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13756):
  In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers
  infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as
  demonstrated by mmls.

CVE-2017-13755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13755):
  In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an
  out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in
  libtskfs.a, as demonstrated by fls.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-23 21:24:32 UTC
@Maintainer could you please confirm if we are affected by these CVEs?

Thank you
Comment 2 Göktürk Yüksek archtester gentoo-dev 2017-10-23 21:41:15 UTC
This is a duplicate of bug 629352
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-23 22:51:26 UTC
Thanks, sorry, couldn't catch the other two aliases.

*** This bug has been marked as a duplicate of bug 629352 ***