ALT-PU-2018-2011-1
Package libextractor updated to version 1.7-alt1 for branch sisyphus in task 209960.
Closed vulnerabilities
Published: 2017-12-06
Modified: 2024-11-21
CVE-2017-17440
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- 102116
- https://bugs.debian.org/883528#35
- https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
- https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html
- https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html
- https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html
- https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html
- https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html
Published: 2018-07-17
Modified: 2024-11-21
CVE-2018-14346
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html
- https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
- [debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update
- DSA-4290
Published: 2018-07-17
Modified: 2024-11-21
CVE-2018-14347
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
- https://gnunet.org/bugs/view.php?id=5399
- https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
- [debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update
- DSA-4290