ALT-PU-2017-2450-1
Package libextractor updated to version 1.6-alt1 for branch sisyphus in task 190939.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-15266
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
- http://openwall.com/lists/oss-security/2017/10/11/1
- http://openwall.com/lists/oss-security/2017/10/11/1
- 101271
- 101271
- https://bugzilla.redhat.com/show_bug.cgi?id=1499599
- https://bugzilla.redhat.com/show_bug.cgi?id=1499599
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
Modified: 2024-11-21
CVE-2017-15267
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
- http://openwall.com/lists/oss-security/2017/10/11/1
- http://openwall.com/lists/oss-security/2017/10/11/1
- 101272
- 101272
- https://bugzilla.redhat.com/show_bug.cgi?id=1499600
- https://bugzilla.redhat.com/show_bug.cgi?id=1499600
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
Modified: 2024-11-21
CVE-2017-15600
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1501695
- https://bugzilla.redhat.com/show_bug.cgi?id=1501695
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
Modified: 2024-11-21
CVE-2017-15601
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
Modified: 2024-11-21
CVE-2017-15602
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
Modified: 2024-11-21
CVE-2017-15922
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
- http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
- 101595
- 101595
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update
- [debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update