CVE-2018-12098

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
19/06/2018
Last modified:
17/06/2026

Description

The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:liblnk_project:liblnk:*:*:*:*:*:*:*:* 20180419 (including)