Heap-based Buffer Over-read in libyal liblnk

Heap-based Buffer Over-read in libyal liblnk

CVE-2019-17264 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue

Learn more about our Web Application Penetration Testing UK.