漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c
Vulnerability Description
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data, *poffset)` without verifying that 2 bytes remain in the buffer. The standard `ptp_unpack_DPD()` at line 704 has this exact check, confirming the Sony variant omitted it by oversight. Commit 3b9f9696be76ae51dca983d9dd8ce586a2561845 fixes the issue.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
libgphoto2 安全漏洞
Vulnerability Description
libgphoto2是gPhoto开源的一个数码相机访问与控制库。 libgphoto2 2.5.33及之前版本存在安全漏洞,该漏洞源于camlibs/ptp2/ptp-pack.c文件中ptp_unpack_Sony_DPD函数在PTP_DPFF_Enumeration情况下读取2字节枚举计数时未验证缓冲区剩余字节,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A