{"id":"USN-4765-1","summary":"sleuthkit vulnerabilities","details":"It was discovered that The Sleuth Kit did not properly handle certain\nentires in FAT file systems. An attacker could use this vulnerability to\nmislead an analyst and obscure their activities. This issue only affected\nUbuntu 14.04 ESM. (CVE-2012-5619)\n\nIt was discovered that The Sleuth Kit mishandled certain crafted ISO 9660\nimages. If an analyst were tricked into opening a malicious image, an\nattacker could cause a denial of service (crash). (CVE-2017-13755)","modified":"2026-02-10T04:42:05Z","published":"2021-03-15T20:04:57Z","related":["UBUNTU-CVE-2012-5619","UBUNTU-CVE-2017-13755"],"upstream":["CVE-2012-5619","CVE-2017-13755","UBUNTU-CVE-2012-5619","UBUNTU-CVE-2017-13755"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4765-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-5619"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13755"}],"affected":[{"package":{"name":"sleuthkit","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/sleuthkit@3.2.3-2.2ubuntu0.1~esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.3-2.2ubuntu0.1~esm1"}]}],"versions":["3.2.3-2ubuntu1","3.2.3-2ubuntu2","3.2.3-2.1","3.2.3-2.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.2.3-2.2ubuntu0.1~esm1","binary_name":"libtsk-dev"},{"binary_version":"3.2.3-2.2ubuntu0.1~esm1","binary_name":"libtsk3-3"},{"binary_version":"3.2.3-2.2ubuntu0.1~esm1","binary_name":"sleuthkit"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2012-5619"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-13755"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4765-1.json"}},{"package":{"name":"sleuthkit","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/sleuthkit@4.2.0-3ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0-3ubuntu0.1~esm1"}]}],"versions":["4.1.3-11ubuntu2","4.1.3-12ubuntu1","4.2.0-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.2.0-3ubuntu0.1~esm1","binary_name":"libtsk-dev"},{"binary_version":"4.2.0-3ubuntu0.1~esm1","binary_name":"libtsk13"},{"binary_version":"4.2.0-3ubuntu0.1~esm1","binary_name":"sleuthkit"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-13755"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4765-1.json"}}],"schema_version":"1.7.3"}