Debian LTS: DLA-2169-1 Critical: libmtp Denial of Service Threat
debian lts
April 5, 2020
libmtp is a library for communicating with MTP aware devices
Topics Covered
Summary
CVE-2017-9831
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
function of the ptp-pack.c file allows attackers to cause a denial of
service (out-of-bounds memory access) or maybe remote code execution by
inserting a mobile device into a personal computer through a USB cable.
CVE-2017-9832
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function)
allows attackers to cause a denial of service (out-of-bounds memory
access) or maybe remote code execution by inserting a mobile device into
a personal computer through a USB cable.
For Debian 8 "Jessie", these problems have been fixed in version
1.1.8-1+deb8u1.
We recommend that you upgrade your libmtp packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libmtp
Version: 1.1.8-1+deb8u1
CVE ID: CVE-2017-9831 CVE-2017-9832
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!