Candidate: CVE-2017-13755
PublicDate: 2017-08-29 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13755
 https://github.com/sleuthkit/sleuthkit/issues/913
Description:
 In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an
 out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in
 libtskfs.a, as demonstrated by fls.
Ubuntu-Description:
 It was discovered that The Sleuth Kit mishandled certain crafted ISO 9660
 images. If an analyst were tricked into opening a malicious image, an attacker
 could cause a denial of service (crash).
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873726
Priority: medium
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_sleuthkit:
upstream_sleuthkit: released
precise/esm_sleuthkit: DNE
trusty_sleuthkit: ignored (reached end-of-life)
trusty/esm_sleuthkit: DNE (trusty was needed)

vivid/ubuntu-core_sleuthkit: DNE
xenial_sleuthkit: ignored (end of standard support, was needed)

zesty_sleuthkit: ignored (reached end-of-life)
artful_sleuthkit: ignored (reached end-of-life)
bionic_sleuthkit: not-affected (4.4.2-3)
cosmic_sleuthkit: not-affected (4.4.2-3)
disco_sleuthkit: not-affected (4.4.2-3)
eoan_sleuthkit: not-affected (4.4.2-3)
focal_sleuthkit: not-affected (4.4.2-3)
groovy_sleuthkit: not-affected (4.4.2-3)
hirsute_sleuthkit: not-affected (4.4.2-3)
impish_sleuthkit: not-affected (4.4.2-3)
jammy_sleuthkit: not-affected (4.4.2-3)
devel_sleuthkit: not-affected (4.4.2-3)