#VU33053 Integer overflow - CVE-2017-9831

Cybersecurity Help s.r.o.

Published: 2017-06-24 | Updated: 2020-08-03

Vulnerability identifier: #VU33053

Vulnerability risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-9831

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.

Mitigation
Install update from vendor's website.

External links
https://lists.debian.org/debian-lts-announce/2020/04/msg00003.html
https://sourceforge.net/p/libmtp/mailman/message/35735992/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Integer overflow in libmtp (Alpine package)

Fedora 24 update for libmtp

Fedora 25 update for libmtp

Fedora 26 update for libmtp

Fedora EPEL 6 update for libmtp11