Source: liblnk Version: 20170111-1 Severity: normal Tags: security upstream
Hi, The following vulnerabilities were published for liblnk. CVE-2018-12096[0]: | The liblnk_data_string_get_utf8_string_size function in | liblnk_data_string.c in liblnk through 2018-04-19 allows remote | attackers to cause an information disclosure (heap-based buffer | over-read) via a crafted lnk file. CVE-2018-12097[1]: | The liblnk_location_information_read_data function in | liblnk_location_information.c in liblnk through 2018-04-19 allows | remote attackers to cause an information disclosure (heap-based buffer | over-read) via a crafted lnk file. CVE-2018-12098[2]: | The liblnk_data_block_read function in liblnk_data_block.c in liblnk | through 2018-04-19 allows remote attackers to cause an information | disclosure (heap-based buffer over-read) via a crafted lnk file. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-12096 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12096 [1] https://security-tracker.debian.org/tracker/CVE-2018-12097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12097 [2] https://security-tracker.debian.org/tracker/CVE-2018-12098 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12098 [3] http://seclists.org/fulldisclosure/2018/Jun/33 Regards, Salvatore