A vulnerability was found in edk2. A heap buffer overflow in UdfDxe/FileSystemOperations.c when 'LengthofComponentIdentifier' field of a Path Component does not match the data within the relating (Extended) File Entry. Upstream Bug: https://bugzilla.tianocore.org/show_bug.cgi?id=828 Upstream Commit: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1683424] Affects: fedora-all [bug 1683423]
Closing this in favor of bug 1691640.