CVE-2018-8754

Published
View on NVD ↗
CVSS v3
5.5
MEDIUM
CVSS v2
2.1
LOW
Affected
1
PROJECT

Description

The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub

libyal/libevt
libyal/libevt
Library and tools to access the Windows Event Log (EVT) format
GitHubGitHub
60