Published: 18/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu libextractor 1.4

Debian Bug report logs - #883691 game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail Package: src:game-music-emu; Maintainer for src:game-music-emu is Sebastian Dröge <slomo@debianorg>; Reported by: Markus Koschany <apo@debianorg> ...

Debian Bug report logs - #878314 libextractor: CVE-2017-15266 CVE-2017-15267 Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 12 Oct 2017 17:21:01 UTC Severity: important Tags: patch, security, upstream Fo ...

Debian Bug report logs - #883528 libextractor: CVE-2017-17440: various null pointer dereferences in GIF, IT, NSFE, S3M, SID and XM plugins Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Mon, 4 Dec 2017 19:15:01 UTC S ...

CWE-835 https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883691

CVE-2017-15602

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect