
CVE-2018-11099

Published: 17 May 2018

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file.

From the Ubuntu Security Team

It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: vcftools (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Needed
cosmic     Not vulnerable (0.1.16-1)
disco      Not vulnerable (0.1.16-1)
eoan       Not vulnerable (0.1.16-1)
focal      Not vulnerable (0.1.16-1)
groovy     Not vulnerable (0.1.16-1)
hirsute    Not vulnerable (0.1.16-1)
impish     Not vulnerable (0.1.16-1)
jammy      Not vulnerable (0.1.16-1)
kinetic    Not vulnerable (0.1.16-1)
precise    Does not exist
trusty     Needed
upstream   Released (0.1.16-1)
xenial     Released (0.1.14+dfsg-2ubuntu0.1)