Debian Sleuthkit vulnerabilities

CVE-2026-40024 [HIGH] CVE-2026-40024: sleuthkit - The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec... The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in fi

CVE-2026-40025 [MEDIUM] CVE-2026-40025: sleuthkit - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th... The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when p

CVE-2026-40026 [MEDIUM] CVE-2026-40026: sleuthkit - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th... The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that ca

CVE-2020-10232 [CRITICAL] CVE-2020-10232: sleuthkit - In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer ov... In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Scope: local bookworm: resolved (fixed in 4.9.0+dfsg-2) bullseye: resolved (fixed in 4.9.0+dfsg-2) forky: resolved (fixed in 4.9.0+dfsg-2) sid: resolved (fixed in 4.9.0+dfsg-2) trixie:

CVE-2020-10233 [CRITICAL] CVE-2020-10233: sleuthkit - In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buff... In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. Scope: local bookworm: resolved (fixed in 4.9.0+dfsg-2) bullseye: resolved (fixed in 4.9.0+dfsg-2) forky: resolved (fixed in 4.9.0+dfsg-2) sid: resolved (fixed in 4.9.0+dfsg-2) trixie: resolved (fixed in 4.9.0+dfsg-2)

CVE-2019-14531 [CRITICAL] CVE-2019-14531: sleuthkit - An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds... An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-14532 [CRITICAL] CVE-2019-14532: sleuthkit - An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one ov... An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-1010065 [MEDIUM] CVE-2019-1010065: sleuthkit - The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is... The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. S

CVE-2018-11737 [HIGH] CVE-2018-11737: sleuthkit - An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2... An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. Scope: local bookworm:

CVE-2018-11740 [HIGH] CVE-2018-11740: sleuthkit - An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0... An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. Scope: local

CVE-2018-11739 [HIGH] CVE-2018-11739: sleuthkit - An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.... An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. Scope: local bookworm: open b

CVE-2018-19497 [MEDIUM] CVE-2018-19497: sleuthkit - In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not... In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). Scope: local bookworm: resolved (fixed in 4.6.5-1) bullseye: re

CVE-2018-11738 [HIGH] CVE-2018-11738: sleuthkit - An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2... An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. Scope: local bookwor

CVE-2017-13760 [MEDIUM] CVE-2017-13760: sleuthkit - In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_rea... In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. Scope: local bookworm: resolved (fixed in 4.4.2-3) bullseye: resolved (fixed in 4.4.2-3) forky: resolved (fixed in 4.4.2-3) sid: resolved (fixed in 4.4.2-3) trixie: resolved (fixed in 4.4.2-3)

CVE-2017-13755 [MEDIUM] CVE-2017-13755: sleuthkit - In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-... In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. Scope: local bookworm: resolved (fixed in 4.4.2-3) bullseye: resolved (fixed in 4.4.2-3) forky: resolved (fixed in 4.4.2-3) sid: resolved (fixed in 4.4.2-3) trixie: resolved (fixed in

CVE-2017-13756 [MEDIUM] CVE-2017-13756: sleuthkit - In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite re... In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. Scope: local bookworm: resolved (fixed in 4.4.2-3) bullseye: resolved (fixed in 4.4.2-3) forky: resolved (fixed in 4.4.2-3) sid: resolved (fixed in 4.4.2-3) trixie: resolved (fixed in 4.4.2-3)

CVE-2012-5619 [LOW] CVE-2012-5619: sleuthkit - The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system en... The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame. Scope: local bookworm: resolved (fixed in 4.1.2-1) bullseye: resolved (fixed in 4.1

CVE-2007-4195 [MEDIUM] CVE-2007-4195: sleuthkit - Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) b... Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image. Scope: local bookworm: resolved (fixed in 2.09-1) bullseye: resolved (fixed in 2.09-1) forky: resolved (fixed

CVE-2007-4199 [MEDIUM] CVE-2007-4199: sleuthkit - Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attac... Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat. Scope:

CVE-2007-4196 [MEDIUM] CVE-2007-4196: sleuthkit - icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain m... icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. Scope: local bookworm: resolved (fixed in 2.09-1) bullseye: resolved (f