ALT-PU-2020-2300-1
Package libextractor updated to version 1.10-alt1 for branch sisyphus in task 254390.
Closed vulnerabilities
Published: 2019-08-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15531
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://bugs.gnunet.org/view.php?id=5846
- https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/
- https://bugs.gnunet.org/view.php?id=5846
- https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/