CVE-2020-18897

Published: Aug 19, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

Affected (1)

Products: Libpff Project: Libpff

Libpff Project

1 product

Libpff

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libpff Project Libpff	Before 20180623

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://github.com/libyal/libpff/issues/61

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/libyal/libpff/issues/62

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/libyal/libpff/issues/61

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/libyal/libpff/issues/62

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.