ID CVE-2006-2458
Summary Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
References
Vulnerable Configurations
  • cpe:2.3:a:libextractor:libextractor:0.5.13
    cpe:2.3:a:libextractor:libextractor:0.5.13
CVSS
Base: 4.0 (as of 19-05-2006 - 12:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description libextractor. CVE-2006-2458. Dos exploits for multiple platform
id EDB-ID:1801
last seen 2016-01-31
modified 2006-05-17
published 2006-05-17
reporter Luigi Auriemma
source https://www.exploit-db.com/download/1801/
title libextractor <= 0.5.13 - Multiple Heap Overflow PoC Exploits
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200605-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200605-14 (libextractor: Two heap-based buffer overflows) Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin. Impact : By enticing a user to open a malformed file using an application that employs libextractor and its ASF or Qt plugins, an attacker could execute arbitrary code in the context of the application running the affected library. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 21578
    published 2006-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21578
    title GLSA-200605-14 : libextractor: Two heap-based buffer overflows
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1081.NASL
    description Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22623
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22623
    title Debian DSA-1081-1 : libextractor - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXTRACTOR-1426.NASL
    description Fix heap overflow in the asf plugin (CVE-2006-2458) [# 176280]. Fix heap overflow in the qt plugin (CVE-2006-2458) [# 176280].
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27321
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27321
    title openSUSE 10 Security Update : libextractor (libextractor-1426)
refmap via4
bid 18021
bugtraq 20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)
confirm http://gnunet.org/libextractor/
debian DSA-1081
gentoo GLSA-200605-14
sectrack 1016118
secunia
  • 20150
  • 20160
  • 20326
  • 20457
sreason 916
suse SUSE-SR:2006:012
vupen ADV-2006-1848
xf
  • libextractor-asfextractor-bo(26531)
  • libextractor-qtextractor-bo(26532)
Last major update 07-03-2011 - 21:36
Published 18-05-2006 - 19:02
Last modified 18-10-2018 - 12:40
Back to Top