CVE-2017-13756

low-risk

Published 2017-08-29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Debian Linux

The Sleuth Kit

Affected Vendors

Debian Sleuthkit

References (4)

Issue Tracking https://github.com/sleuthkit/sleuthkit/issues/914

Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html

Issue Tracking https://github.com/sleuthkit/sleuthkit/issues/914

Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low