← Back

Sleuthkit

sleuthkit

19 CVEs • 2 products

Products (2)

Click to collapse
Toggle
The Sleuth Kit
the_sleuth_kit
18 CVEs
Autopsy
autopsy
1 CVE

CVEs (19)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-40026
1Sleuthkit
1The Sleuth Kit
Apr 17, 2026
Apr 8, 2026
4.8 MEDIUM· v4
7.1 HIGH· v3
N/A· v2
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data in...Show more
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.Show less
CVE-2026-40025
1Sleuthkit
1The Sleuth Kit
Apr 15, 2026
Apr 8, 2026
4.8 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causin...Show more
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.Show less
CVE-2026-40024
1Sleuthkit
1The Sleuth Kit
Apr 15, 2026
Apr 8, 2026
8.4 HIGH· v4
7.1 HIGH· v3
N/A· v2
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or director...Show more
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.Show less
CVE-2022-45639
1Sleuthkit
1The Sleuth Kit
Apr 2, 2025
Jan 24, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis s...Show more
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.Show less
CVE-2020-10233
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Mar 9, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
CVE-2020-10232
3Debian
FedoraprojectSleuthkit
3Debian Linux
FedoraThe Sleuth Kit
Nov 21, 2024
Mar 9, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
CVE-2019-14532
2Fedoraproject
Sleuthkit
2Fedora
The Sleuth Kit
Nov 21, 2024
Aug 2, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
CVE-2019-14531
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Aug 2, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
CVE-2019-1010065
3Debian
FedoraprojectSleuthkit
3Debian Linux
FedoraThe Sleuth Kit
Nov 21, 2024
Jul 18, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in ts...Show more
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image.Show less
CVE-2018-1000838
1Sleuthkit
1Autopsy
Nov 21, 2024
Dec 20, 2018
N/A· v4
10.0 CRITICAL· v3
7.5 HIGH· v2
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be...Show more
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.Show less
CVE-2018-19497
3Debian
FedoraprojectSleuthkit
3Debian Linux
FedoraThe Sleuth Kit
Nov 21, 2024
Nov 29, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ m...Show more
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).Show less
CVE-2018-11740
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Jun 5, 2018
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which coul...Show more
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.Show less
CVE-2018-11739
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Jun 5, 2018
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by...Show more
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.Show less
CVE-2018-11738
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Jun 5, 2018
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be lev...Show more
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.Show less
CVE-2018-11737
1Sleuthkit
1The Sleuth Kit
Nov 21, 2024
Jun 5, 2018
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be...Show more
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.Show less
CVE-2017-13760
2Debian
Sleuthkit
2Debian Linux
The Sleuth Kit
May 13, 2026
Aug 29, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.
CVE-2017-13756
2Debian
Sleuthkit
2Debian Linux
The Sleuth Kit
May 13, 2026
Aug 29, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.
CVE-2017-13755
2Debian
Sleuthkit
2Debian Linux
The Sleuth Kit
May 13, 2026
Aug 29, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.
CVE-2012-5619
1Sleuthkit
1The Sleuth Kit
May 6, 2026
Sep 29, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more dif...Show more
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.Show less