Candidate: CVE-2017-9831
PublicDate: 2017-06-24 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9831
 https://sourceforge.net/p/libmtp/mailman/message/35735992/
 https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
Description:
 An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
 function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows
 attackers to cause a denial of service (out-of-bounds memory access) or
 maybe remote code execution by inserting a mobile device into a personal
 computer through a USB cable.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [6.8 MEDIUM]

Patches_libmtp:
upstream_libmtp: released (1.1.13-1)
precise/esm_libmtp: DNE
trusty_libmtp: ignored (reached end-of-life)
trusty/esm_libmtp: DNE (trusty was needed)
vivid/ubuntu-core_libmtp: DNE
xenial_libmtp: ignored (end of standard support, was needed)
esm-infra/xenial_libmtp: needed
yakkety_libmtp: ignored (reached end-of-life)
zesty_libmtp: ignored (reached end-of-life)
artful_libmtp: not-affected (1.1.13-1)
bionic_libmtp: not-affected (1.1.13-1)
cosmic_libmtp: not-affected (1.1.13-1)
disco_libmtp: not-affected (1.1.13-1)
eoan_libmtp: not-affected (1.1.13-1)
focal_libmtp: not-affected (1.1.13-1)
groovy_libmtp: not-affected (1.1.13-1)
hirsute_libmtp: not-affected (1.1.13-1)
impish_libmtp: not-affected (1.1.13-1)
jammy_libmtp: not-affected (1.1.13-1)
devel_libmtp: not-affected (1.1.13-1)