ID CVE-2017-17440
Summary GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:libextractor:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:libextractor:1.6:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-12-2017 - 14:20)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 102116
misc
Last major update 22-12-2017 - 14:20
Published 06-12-2017 - 17:29
Last modified 22-12-2017 - 14:20
Back to Top