In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.