CVE-2017-17440

Published: 06/12/2017 Updated: 22/12/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

GNU Libextractor 1.6 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

Vulnerable Product

gnu libextractor 1.6

Vendor Advisories

Debian Bug report logs - #907987 libextractor: CVE-2018-16430: Out of Bound Read Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 4 Sep 2018 20:27:02 UTC Severity: serious Tags: patch, security, upstream ...
Debian Bug report logs - #904903 libextractor: CVE-2018-14346: stack-buffer-underflow Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 29 Jul 2018 11:03:02 UTC Severity: serious Tags: patch, security, upstr ...
Debian Bug report logs - #880016 libextractor: CVE-2017-15922 Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 28 Oct 2017 12:30:02 UTC Severity: important Tags: patch, security, upstream Found in version ...
Debian Bug report logs - #904905 libextractor: CVE-2018-14347: Infinite loop in extract Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 29 Jul 2018 11:09:01 UTC Severity: serious Tags: patch, security, ups ...
Debian Bug report logs - #883528 libextractor: CVE-2017-17440: various null pointer dereferences in GIF, IT, NSFE, S3M, SID and XM plugins Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debian.org>; Reported by: Markus Koschany <apo@debian.org> Date: Mon, 4 Dec 2017 19:15:01 UTC S ...
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c ...