The Sleuth Kit ISO9660 SUSP Extension Out-of-Bounds Read Vulnerability

Vulnerability

An out-of-bounds read vulnerability has been identified in the ISO9660 filesystem parser of The Sleuth Kit, in versions through 4.14.0. The issue is in the parse_susp() function, which trusts the len_id, len_des, and len_src fields read from the disk image without validating them. These unvalidated lengths are used by memcpy to copy data into a stack buffer, which can lead to reads beyond the intended SUSP data buffer. Additionally, a zero-length SUSP entry can cause an infinite parsing loop.
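The checks whose absence is described above, as an added example and not The Sleuth Kit's own code or its actual patch: a bounds-checked walk over a System Use area that validates each entry length and the ER entry's LEN_ID, LEN_DES and LEN_SRC before copying. The function name `susp_walk_checked` and the parameters `id_out` and `id_cap` are hypothetical; the field offsets follow the SUSP ER entry layout, and rejecting a too-short entry (rather than quietly stopping) is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SUSP_HDR_LEN 4  /* signature(2) + length(1) + version(1) */
#define ER_FIXED_LEN 8  /* header + LEN_ID, LEN_DES, LEN_SRC, EXT_VER */

/* Hypothetical helper for illustration; not TSK's parse_susp().
 * Walks the System Use area in buf and copies the ER extension identifier
 * into id_out. Returns the number of entries walked, or -1 as soon as any
 * length field taken from the image is inconsistent. */
int susp_walk_checked(const uint8_t *buf, size_t buf_len,
                      char *id_out, size_t id_cap)
{
    size_t off = 0;
    int entries = 0;

    if (id_cap > 0)
        id_out[0] = '\0';

    while (buf_len - off >= SUSP_HDR_LEN) {
        const uint8_t *e = buf + off;
        size_t elen = e[2];

        /* A length below the header size (including 0) never advances
         * the offset: this is the infinite-loop case. */
        if (elen < SUSP_HDR_LEN)
            return -1;
        /* The whole entry must lie inside the System Use area. */
        if (elen > buf_len - off)
            return -1;

        if (e[0] == 'E' && e[1] == 'R') {
            if (elen < ER_FIXED_LEN)
                return -1;
            size_t len_id = e[4], len_des = e[5], len_src = e[6];
            /* The three strings must fit in the entry (source bound)... */
            if (len_id + len_des + len_src > elen - ER_FIXED_LEN)
                return -1;
            /* ...and the identifier plus NUL must fit in id_out. */
            if (len_id >= id_cap)
                return -1;
            memcpy(id_out, e + ER_FIXED_LEN, len_id);
            id_out[len_id] = '\0';
        }
        off += elen;
        entries++;
    }
    return entries;
}
```

Both bounds matter: the source check keeps memcpy from reading past the entry, and the destination check keeps it from writing past the caller's buffer.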

Impact

Exploitation of this vulnerability can lead to an out-of-bounds read, causing potential information disclosure or memory corruption.

Remediation

Users can update to The Sleuth Kit version 4.14.0 or later, where this vulnerability has been fixed.

Added: Apr 9, 2026, 12:13 AM
Updated: Apr 9, 2026, 12:13 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.