CVE-2017-9831

Priority
Description
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows
attackers to cause a denial of service (out-of-bounds memory access) or
maybe remote code execution by inserting a mobile device into a personal
computer through a USB cable.
Package
Upstream:released (1.1.13-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.1.13-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.1.13-1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.1.13-1)
More Information

Updated: 2019-03-19 11:26:39 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)