{
  "version": "1",
  "package": [
    {
      "name": "dosfstools",
      "layer": "meta",
      "version": "4.2",
      "products": [
        {
          "product": "dosfstools",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2015-8872",
          "summary": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
          "scorev2": "2.1",
          "scorev3": "6.2",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2015-8872"
        },
        {
          "id": "CVE-2016-4804",
          "summary": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.",
          "scorev2": "2.1",
          "scorev3": "6.2",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2016-4804"
        }
      ]
    }
  ]
}