Published: 24/12/2018 Updated: 11/01/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

GNU Libextractor up to and including 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu libextractor
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #917213 libextractor: CVE-2018-20431 Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 24 Dec 2018 08:21:01 UTC Severity: important Tags: patch, security, upstream Found in versions ...

Debian Bug report logs - #917214 libextractor: CVE-2018-20430 Package: src:libextractor; Maintainer for src:libextractor is Bertrand Marc <bmarc@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 24 Dec 2018 08:21:07 UTC Severity: important Tags: patch, security, upstream Found in versions ...

Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed For the stable distribution (stretch), these problems have been fixed in version 1:13-4+deb9u3 We recommend that you upgrade your libextractor ...

CWE-125 https://gnunet.org/git/libextractor.git/tree/ChangeLog https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110 https://gnunet.org/bugs/view.php?id=5493 https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html http://www.securityfocus.com/bid/106300 https://www.debian.org/security/2018/dsa-4361 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917213 https://www.debian.org/security/./dsa-4361 https://nvd.nist.gov

CVE-2018-20430

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect