Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
39 vulnerabilities found for libextractor by gnu
FKIE_CVE-2019-15531
Vulnerability from fkie_nvd - Published: 2019-08-23 17:15 - Updated: 2024-11-21 04:28
Severity ?
Summary
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72D05BEA-627F-4918-87FC-DAE43B2D93EF",
"versionEndIncluding": "1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c."
},
{
"lang": "es",
"value": "GNU Libextractor hasta la versi\u00f3n 1.9 tiene una sobre-lectura de b\u00fafer basada en el mont\u00f3n en la funci\u00f3n EXTRACTOR_dvi_extract_method en plugins / dvi_extractor.c."
}
],
"id": "CVE-2019-15531",
"lastModified": "2024-11-21T04:28:56.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T17:15:14.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20430
Vulnerability from fkie_nvd - Published: 2018-12-24 05:29 - Updated: 2024-11-21 04:01
Severity ?
Summary
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ADAEB72-05A1-4C6F-B98B-A7FE949E0498",
"versionEndIncluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c."
},
{
"lang": "es",
"value": "GNU Libextractor, hasta la versi\u00f3n 1.8, tiene una vulnerabilidad de lectura fuera de l\u00edmites en la funci\u00f3n history_extract() en plugins/ole2_extractor.c, relacionada con EXTRACTOR_common_convert_to_utf8 en common/convert.c."
}
],
"id": "CVE-2018-20430",
"lastModified": "2024-11-21T04:01:27.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-24T05:29:01.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20431
Vulnerability from fkie_nvd - Published: 2018-12-24 05:29 - Updated: 2024-11-21 04:01
Severity ?
Summary
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ADAEB72-05A1-4C6F-B98B-A7FE949E0498",
"versionEndIncluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c."
},
{
"lang": "es",
"value": "GNU Libextractor, hasta la versi\u00f3n 1.8, tiene una desreferencia de puntero NULL en la funci\u00f3n process_metadata() en plugins/ole2_extractor.c."
}
],
"id": "CVE-2018-20431",
"lastModified": "2024-11-21T04:01:28.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-24T05:29:01.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16430
Vulnerability from fkie_nvd - Published: 2018-09-04 00:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22FE2AF1-68A8-4C70-A56E-FDCC23830AA4",
"versionEndIncluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c."
},
{
"lang": "es",
"value": "GNU Libextractor hasta la versi\u00f3n 1.7 tiene una vulnerabilidad de lectura fuera de l\u00edmites en EXTRACTOR_zip_extract_method() en zip_extractor.c."
}
],
"id": "CVE-2018-16430",
"lastModified": "2024-11-21T03:52:44.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T00:29:01.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-14346
Vulnerability from fkie_nvd - Published: 2018-07-17 15:29 - Updated: 2024-11-21 03:48
Severity ?
Summary
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html | Exploit, Mailing List, Vendor Advisory | |
| cve@mitre.org | https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4290 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4290 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| gnu | libextractor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B41A6203-B4E3-4B62-B219-D6E6E19508F4",
"versionEndExcluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)."
},
{
"lang": "es",
"value": "GNU Libextractor en versiones anteriores a la 1.7 tiene un desbordamiento de b\u00fafer basado en pila en ec_read_file_func (unzip.c)."
}
],
"id": "CVE-2018-14346",
"lastModified": "2024-11-21T03:48:52.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-17T15:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-14347
Vulnerability from fkie_nvd - Published: 2018-07-17 15:29 - Updated: 2024-11-21 03:48
Severity ?
Summary
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| gnu | libextractor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B41A6203-B4E3-4B62-B219-D6E6E19508F4",
"versionEndExcluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
},
{
"lang": "es",
"value": "GNU Libextractor en versiones anteriores a la 1.7 contiene una vulnerabilidad de bucle infinito en EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
}
],
"id": "CVE-2018-14347",
"lastModified": "2024-11-21T03:48:52.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-17T15:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-17440
Vulnerability from fkie_nvd - Published: 2017-12-06 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | 1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDB35-1F7B-4F7A-8871-480E61BA8DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c."
},
{
"lang": "es",
"value": "GNU Libextractor 1.6 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicaci\u00f3n) mediante un archivo GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID o XM (eXtended Module) manipulado, como se ha demostrado por la funci\u00f3n EXTRACTOR_xm_extract_method en plugins/xm_extractor.c."
}
],
"id": "CVE-2017-17440",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-06T17:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15922
Vulnerability from fkie_nvd - Published: 2017-10-26 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html | Exploit, Mailing List, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101595 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101595 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51E4746A-DBC3-4EC1-BE84-B6AE934CDB9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c."
},
{
"lang": "es",
"value": "En GNU Libextractor 1.4, existe una lectura fuera de l\u00edmites en la funci\u00f3n EXTRACTOR_dvi_extract_method function en plugins/dvi_extractor.c."
}
],
"id": "CVE-2017-15922",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-26T18:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15601
Vulnerability from fkie_nvd - Published: 2017-10-18 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51E4746A-DBC3-4EC1-BE84-B6AE934CDB9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup."
},
{
"lang": "es",
"value": "En GNU Libextractor 1.4, hay un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n EXTRACTOR_png_extract_method en plugins/png_extractor.c, relacionado con processiTXt y stndup."
}
],
"id": "CVE-2017-15601",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T21:29:00.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15600
Vulnerability from fkie_nvd - Published: 2017-10-18 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1501695 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz | Product | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1501695 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51E4746A-DBC3-4EC1-BE84-B6AE934CDB9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c."
},
{
"lang": "es",
"value": "En GNU Libextractor 1.4, hay una desreferencia de puntero NULL en la funci\u00f3n EXTRACTOR_nsf_extract_method de plugins/nsf_extractor.c."
}
],
"id": "CVE-2017-15600",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T21:29:00.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501695"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15602
Vulnerability from fkie_nvd - Published: 2017-10-18 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libextractor | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libextractor:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51E4746A-DBC3-4EC1-BE84-B6AE934CDB9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size."
},
{
"lang": "es",
"value": "En GNU Libextractor 1.4, hay un error en la propiedad signedness de un n\u00famero entero para el tama\u00f1o de fragmento en la funci\u00f3n EXTRACTOR_nsfe_extract_method en plugins/nsfe_extractor.c, lo que conduce a un bucle infinito para un tama\u00f1o manipulado."
}
],
"id": "CVE-2017-15602",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T21:29:00.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-15531 (GCVE-0-2019-15531)
Vulnerability from cvelistv5 – Published: 2019-08-23 16:03 – Updated: 2024-08-05 00:49
VLAI?
Summary
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T21:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gnunet.org/view.php?id=5846",
"refsource": "MISC",
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15531",
"datePublished": "2019-08-23T16:03:07.000Z",
"dateReserved": "2019-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:49:13.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20431 (GCVE-0-2018-20431)
Vulnerability from cvelistv5 – Published: 2018-12-24 05:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2018-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-29T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gnunet.org/bugs/view.php?id=5494",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20431",
"datePublished": "2018-12-24T05:00:00.000Z",
"dateReserved": "2018-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20430 (GCVE-0-2018-20430)
Vulnerability from cvelistv5 – Published: 2018-12-24 05:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2018-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-29T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106300"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5493",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20430",
"datePublished": "2018-12-24T05:00:00.000Z",
"dateReserved": "2018-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16430 (GCVE-0-2018-16430)
Vulnerability from cvelistv5 – Published: 2018-09-04 00:00 – Updated: 2024-08-05 10:24
VLAI?
Summary
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5405",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16430",
"datePublished": "2018-09-04T00:00:00.000Z",
"dateReserved": "2018-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14346 (GCVE-0-2018-14346)
Vulnerability from cvelistv5 – Published: 2018-07-17 15:00 – Updated: 2024-08-05 09:21
VLAI?
Summary
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14346",
"datePublished": "2018-07-17T15:00:00.000Z",
"dateReserved": "2018-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:41.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14347 (GCVE-0-2018-14347)
Vulnerability from cvelistv5 – Published: 2018-07-17 15:00 – Updated: 2024-08-05 09:21
VLAI?
Summary
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5399",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14347",
"datePublished": "2018-07-17T15:00:00.000Z",
"dateReserved": "2018-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:41.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17440 (GCVE-0-2017-17440)
Vulnerability from cvelistv5 – Published: 2017-12-06 17:00 – Updated: 2024-08-05 20:51
VLAI?
Summary
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2017-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-09T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"name": "https://bugs.debian.org/883528#35",
"refsource": "MISC",
"url": "https://bugs.debian.org/883528#35"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102116"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17440",
"datePublished": "2017-12-06T17:00:00.000Z",
"dateReserved": "2017-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:51:31.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15922 (GCVE-0-2017-15922)
Vulnerability from cvelistv5 – Published: 2017-10-26 18:00 – Updated: 2024-08-05 20:04
VLAI?
Summary
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2017-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101595",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101595",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101595"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15922",
"datePublished": "2017-10-26T18:00:00.000Z",
"dateReserved": "2017-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15602 (GCVE-0-2017-15602)
Vulnerability from cvelistv5 – Published: 2017-10-18 21:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2017-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"name": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz",
"refsource": "MISC",
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15602",
"datePublished": "2017-10-18T21:00:00.000Z",
"dateReserved": "2017-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:27.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15601 (GCVE-0-2017-15601)
Vulnerability from cvelistv5 – Published: 2017-10-18 21:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2017-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz",
"refsource": "MISC",
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15601",
"datePublished": "2017-10-18T21:00:00.000Z",
"dateReserved": "2017-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:27.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15531 (GCVE-0-2019-15531)
Vulnerability from nvd – Published: 2019-08-23 16:03 – Updated: 2024-08-05 00:49
VLAI?
Summary
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T21:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gnunet.org/view.php?id=5846",
"refsource": "MISC",
"url": "https://bugs.gnunet.org/view.php?id=5846"
},
{
"name": "[debian-lts-announce] 20190830 [SECURITY] [DLA 1904-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html"
},
{
"name": "FEDORA-2019-62b65ed7f6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/"
},
{
"name": "FEDORA-2019-5628767261",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/"
},
{
"name": "FEDORA-2019-b467cab3c8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2851-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15531",
"datePublished": "2019-08-23T16:03:07.000Z",
"dateReserved": "2019-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:49:13.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20431 (GCVE-0-2018-20431)
Vulnerability from nvd – Published: 2018-12-24 05:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2018-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-29T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gnunet.org/bugs/view.php?id=5494",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5494"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7"
},
{
"name": "106300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20431",
"datePublished": "2018-12-24T05:00:00.000Z",
"dateReserved": "2018-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20430 (GCVE-0-2018-20430)
Vulnerability from nvd – Published: 2018-12-24 05:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2018-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-29T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html"
},
{
"name": "DSA-4361",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4361"
},
{
"name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog"
},
{
"name": "106300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106300"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5493",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5493"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20430",
"datePublished": "2018-12-24T05:00:00.000Z",
"dateReserved": "2018-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16430 (GCVE-0-2018-16430)
Vulnerability from nvd – Published: 2018-09-04 00:00 – Updated: 2024-08-05 10:24
VLAI?
Summary
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "105254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105254"
},
{
"name": "[debian-lts-announce] 20180911 [SECURITY] [DLA 1501-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00011.html"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5405",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5405"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16430",
"datePublished": "2018-09-04T00:00:00.000Z",
"dateReserved": "2018-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14346 (GCVE-0-2018-14346)
Vulnerability from nvd – Published: 2018-07-17 15:00 – Updated: 2024-08-05 09:21
VLAI?
Summary
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14346",
"datePublished": "2018-07-17T15:00:00.000Z",
"dateReserved": "2018-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:41.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14347 (GCVE-0-2018-14347)
Vulnerability from nvd – Published: 2018-07-17 15:00 – Updated: 2024-08-05 09:21
VLAI?
Summary
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4290",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4290",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4290"
},
{
"name": "https://gnunet.org/bugs/view.php?id=5399",
"refsource": "MISC",
"url": "https://gnunet.org/bugs/view.php?id=5399"
},
{
"name": "[debian-lts-announce] 20180826 [SECURITY] [DLA-1478-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14347",
"datePublished": "2018-07-17T15:00:00.000Z",
"dateReserved": "2018-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:41.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17440 (GCVE-0-2017-17440)
Vulnerability from nvd – Published: 2017-12-06 17:00 – Updated: 2024-08-05 20:51
VLAI?
Summary
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2017-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-09T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/883528#35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html"
},
{
"name": "https://bugs.debian.org/883528#35",
"refsource": "MISC",
"url": "https://bugs.debian.org/883528#35"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html"
},
{
"name": "102116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102116"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html"
},
{
"name": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e",
"refsource": "MISC",
"url": "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e"
},
{
"name": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17440",
"datePublished": "2017-12-06T17:00:00.000Z",
"dateReserved": "2017-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:51:31.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15922 (GCVE-0-2017-15922)
Vulnerability from nvd – Published: 2017-10-26 18:00 – Updated: 2024-08-05 20:04
VLAI?
Summary
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2017-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101595",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101595",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101595"
},
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15922",
"datePublished": "2017-10-26T18:00:00.000Z",
"dateReserved": "2017-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15602 (GCVE-0-2017-15602)
Vulnerability from nvd – Published: 2017-10-18 21:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2017-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html"
},
{
"name": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz",
"refsource": "MISC",
"url": "https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz"
},
{
"name": "[debian-lts-announce] 20171204 [SECURITY] [DLA 1198-1] libextractor security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15602",
"datePublished": "2017-10-18T21:00:00.000Z",
"dateReserved": "2017-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:27.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}