Published: 18/05/2006 Updated: 18/10/2018

CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9

VMScore: 405

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Multiple heap-based buffer overflows in Libextractor 0.5.13 and previous versions allow remote malicious users to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Vulnerable Product	Search on Vulmon	Subscribe to Product
libextractor libextractor 0.5.13

Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code The old stable distribution (woody) is not affected by this problem For the stable distribution (sarge) this problem has been fixed in version 042-2sar ...

# libextractor <= 0513 Multiple Heap Overflow PoC Exploits githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/1801zip (05172006-libexthozip) # milw0rmcom [2006-05-17] ...

NVD-CWE-Other http://www.securityfocus.com/bid/18021 http://securitytracker.com/id?1016118 http://secunia.com/advisories/20150 http://gnunet.org/libextractor/http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml http://secunia.com/advisories/20160 http://www.debian.org/security/2006/dsa-1081 http://secunia.com/advisories/20326 http://www.novell.com/linux/security/advisories/2006-06-02.html http://secunia.com/advisories/20457 http://securityreason.com/securityalert/916 http://www.vupen.com/english/advisories/2006/1848 https://exchange.xforce.ibmcloud.com/vulnerabilities/26532 https://exchange.xforce.ibmcloud.com/vulnerabilities/26531 http://www.securityfocus.com/archive/1/434288/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1081 https://www.exploit-db.com/exploits/1801/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2458

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect