ID ASA-201807-16 Type archlinux Reporter ArchLinux Modified 2018-07-26T00:00:00
Description
Arch Linux Security Advisory ASA-201807-16
Severity: Medium
Date : 2018-07-26
CVE-ID : CVE-2017-17440
Package : libextractor
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-541
Summary
The package libextractor before version 1.7-1 is vulnerable to denial
of service.
Resolution
Upgrade to 1.7-1.
pacman -Syu "libextractor>=1.7-1"
The problem has been fixed upstream in version 1.7.
Workaround
None.
Description
GNU Libextractor 1.6 allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM
(eXtended Module) file, as demonstrated by the
EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Impact
A remote attacker is able to crash the application via a specially
crafted file.
{"id": "ASA-201807-16", "type": "archlinux", "bulletinFamily": "unix", "title": "[ASA-201807-16] libextractor: denial of service", "description": "Arch Linux Security Advisory ASA-201807-16\n==========================================\n\nSeverity: Medium\nDate : 2018-07-26\nCVE-ID : CVE-2017-17440\nPackage : libextractor\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-541\n\nSummary\n=======\n\nThe package libextractor before version 1.7-1 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 1.7-1.\n\n# pacman -Syu \"libextractor>=1.7-1\"\n\nThe problem has been fixed upstream in version 1.7.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nGNU Libextractor 1.6 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nGIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM\n(eXtended Module) file, as demonstrated by the\nEXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.\n\nImpact\n======\n\nA remote attacker is able to crash the application via a specially\ncrafted file.\n\nReferences\n==========\n\nhttps://bugs.debian.org/883528#35\nhttps://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e\nhttps://security.archlinux.org/CVE-2017-17440", "published": "2018-07-26T00:00:00", "modified": "2018-07-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://security.archlinux.org/ASA-201807-16", "reporter": "ArchLinux", "references": ["https://security.archlinux.org/AVG-541", "https://bugs.debian.org/883528#35", "https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e", "https://security.archlinux.org/CVE-2017-17440"], "cvelist": ["CVE-2017-17440"], "lastseen": "2020-09-22T18:36:41", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-17440"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873934", "OPENVAS:1361412562310873942"]}, {"type": "nessus", "idList": ["UBUNTU_USN-4641-1.NASL", "FEDORA_2017-0F3270406C.NASL", "FEDORA_2017-354B9647BA.NASL"]}, {"type": "fedora", "idList": ["FEDORA:119366051047", "FEDORA:0A23A60BCF92"]}, {"type": "ubuntu", "idList": ["USN-4641-1"]}], "modified": "2020-09-22T18:36:41", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2020-09-22T18:36:41", "rev": 2}, "vulnersScore": 6.2}, "affectedPackage": [{"OS": "ArchLinux", "OSVersion": "any", "arch": "any", "packageName": "libextractor", "packageVersion": "1.7-1", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-10-03T13:07:39", "description": "GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-06T17:29:00", "title": "CVE-2017-17440", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17440"], "modified": "2017-12-22T14:20:00", "cpe": ["cpe:/a:gnu:libextractor:1.6"], "id": "CVE-2017-17440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17440", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:libextractor:1.6:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17440"], "description": "libextractor is a simple library for keyword extraction. libextractor does not support all formats but supports a simple plugging mechanism such that you can quickly add extractors for additional formats, even without recompiling libextractor. libextractor typically ships with a dozen helper-libraries that can be used to obtain keywords from common file-types. libextractor is a part of the GNU project (http://www.gnu.org/). ", "modified": "2017-12-19T19:55:38", "published": "2017-12-19T19:55:38", "id": "FEDORA:119366051047", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libextractor-1.6-2.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17440"], "description": "libextractor is a simple library for keyword extraction. libextractor does not support all formats but supports a simple plugging mechanism such that you can quickly add extractors for additional formats, even without recompiling libextractor. libextractor typically ships with a dozen helper-libraries that can be used to obtain keywords from common file-types. libextractor is a part of the GNU project (http://www.gnu.org/). ", "modified": "2017-12-19T21:39:05", "published": "2017-12-19T21:39:05", "id": "FEDORA:0A23A60BCF92", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libextractor-1.6-2.fc26", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17440"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-20T00:00:00", "id": "OPENVAS:1361412562310873942", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873942", "type": "openvas", "title": "Fedora Update for libextractor FEDORA-2017-0f3270406c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_0f3270406c_libextractor_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libextractor FEDORA-2017-0f3270406c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873942\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-20 07:47:00 +0100 (Wed, 20 Dec 2017)\");\n script_cve_id(\"CVE-2017-17440\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libextractor FEDORA-2017-0f3270406c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libextractor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libextractor on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0f3270406c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC3J6LFSCKEAWA35PBYIP6RLAZIHG342\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libextractor\", rpm:\"libextractor~1.6~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17440"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-20T00:00:00", "id": "OPENVAS:1361412562310873934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873934", "type": "openvas", "title": "Fedora Update for libextractor FEDORA-2017-354b9647ba", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_354b9647ba_libextractor_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libextractor FEDORA-2017-354b9647ba\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873934\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-20 07:46:33 +0100 (Wed, 20 Dec 2017)\");\n script_cve_id(\"CVE-2017-17440\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libextractor FEDORA-2017-354b9647ba\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libextractor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libextractor on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-354b9647ba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3U4WCFHXI3CPXBAGROGSUWCMG2M4FFG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libextractor\", rpm:\"libextractor~1.6~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:15:13", "description": "Patch for CVE-2017-17440\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-12-20T00:00:00", "title": "Fedora 26 : libextractor (2017-0f3270406c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17440"], "modified": "2017-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libextractor", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-0F3270406C.NASL", "href": "https://www.tenable.com/plugins/nessus/105380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0f3270406c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105380);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17440\");\n script_xref(name:\"FEDORA\", value:\"2017-0f3270406c\");\n\n script_name(english:\"Fedora 26 : libextractor (2017-0f3270406c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Patch for CVE-2017-17440\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f3270406c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libextractor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libextractor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libextractor-1.6-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libextractor\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:15:50", "description": "Patch for CVE-2017-17440\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : libextractor (2017-354b9647ba)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17440"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:libextractor"], "id": "FEDORA_2017-354B9647BA.NASL", "href": "https://www.tenable.com/plugins/nessus/105854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-354b9647ba.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105854);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17440\");\n script_xref(name:\"FEDORA\", value:\"2017-354b9647ba\");\n\n script_name(english:\"Fedora 27 : libextractor (2017-354b9647ba)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Patch for CVE-2017-17440\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-354b9647ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libextractor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libextractor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libextractor-1.6-2.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libextractor\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-02T15:17:54", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4641-1 advisory.\n\n - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via\n a zero sample rate. (CVE-2017-15266)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.\n (CVE-2017-15267)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function\n of plugins/nsf_extractor.c. (CVE-2017-15600)\n\n - In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method\n function in plugins/png_extractor.c, related to processiTXt and stndup. (CVE-2017-15601)\n\n - In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the\n EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a\n crafted size. (CVE-2017-15602)\n\n - In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in\n plugins/dvi_extractor.c. (CVE-2017-15922)\n\n - GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM\n (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in\n plugins/xm_extractor.c. (CVE-2017-17440)\n\n - GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).\n (CVE-2018-14346)\n\n - GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method\n (mpeg_extractor.c). (CVE-2018-14347)\n\n - GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in\n zip_extractor.c. (CVE-2018-16430)\n\n - GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in\n plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.\n (CVE-2018-20430)\n\n - GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function\n process_metadata() in plugins/ole2_extractor.c. (CVE-2018-20431)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-24T00:00:00", "title": "Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-16430", "CVE-2018-14346", "CVE-2017-15267", "CVE-2017-15922", "CVE-2018-14347", "CVE-2017-17440", "CVE-2017-15600", "CVE-2017-15266", "CVE-2018-20431", "CVE-2017-15602", "CVE-2017-15601"], "modified": "2020-11-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libextractor-dev", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:extract", "p-cpe:/a:canonical:ubuntu_linux:libextractor3"], "id": "UBUNTU_USN-4641-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143215", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4641-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143215);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\n \"CVE-2017-15266\",\n \"CVE-2017-15267\",\n \"CVE-2017-15600\",\n \"CVE-2017-15601\",\n \"CVE-2017-15602\",\n \"CVE-2017-15922\",\n \"CVE-2017-17440\",\n \"CVE-2018-14346\",\n \"CVE-2018-14347\",\n \"CVE-2018-16430\",\n \"CVE-2018-20430\",\n \"CVE-2018-20431\"\n );\n script_bugtraq_id(\n 101271,\n 101272,\n 101529,\n 101534,\n 101536,\n 101595,\n 102116,\n 105254,\n 106300\n );\n script_xref(name:\"USN\", value:\"4641-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4641-1 advisory.\n\n - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via\n a zero sample rate. (CVE-2017-15266)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.\n (CVE-2017-15267)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function\n of plugins/nsf_extractor.c. (CVE-2017-15600)\n\n - In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method\n function in plugins/png_extractor.c, related to processiTXt and stndup. (CVE-2017-15601)\n\n - In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the\n EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a\n crafted size. (CVE-2017-15602)\n\n - In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in\n plugins/dvi_extractor.c. (CVE-2017-15922)\n\n - GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM\n (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in\n plugins/xm_extractor.c. (CVE-2017-17440)\n\n - GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).\n (CVE-2018-14346)\n\n - GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method\n (mpeg_extractor.c). (CVE-2018-14347)\n\n - GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in\n zip_extractor.c. (CVE-2018-16430)\n\n - GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in\n plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.\n (CVE-2018-20430)\n\n - GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function\n process_metadata() in plugins/ole2_extractor.c. (CVE-2018-20431)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4641-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected extract, libextractor-dev and / or libextractor3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16430\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libextractor-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libextractor3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'extract', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libextractor-dev', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libextractor3', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'extract / libextractor-dev / libextractor3');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-11-23T22:51:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20430", "CVE-2018-16430", "CVE-2018-14346", "CVE-2017-15267", "CVE-2017-15922", "CVE-2018-14347", "CVE-2017-17440", "CVE-2017-15600", "CVE-2017-15266", "CVE-2018-20431", "CVE-2017-15602", "CVE-2017-15601"], "description": "It was discovered that Libextractor incorrectly handled zero sample rate. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15266)\n\nIt was discovered that Libextractor incorrectly handled certain FLAC \nmetadata. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2017-15267)\n\nIt was discovered that Libextractor incorrectly handled certain specially \ncrafted files. An attacker could possibly use this issue to cause a denial \nof service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)\n\nIt was discovered that Libextractor incorrectly handled certain inputs. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15601)\n\nIt was discovered that Libextractor incorrectly handled integers. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15602)\n\nIt was discovered that Libextractore incorrectly handled certain crafted \nfiles. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2017-15922)\n\nIt was discovered tha Libextractor incorrectly handled certain files. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-17440)\n\nIt was discovered that Libextractor incorrectly handled certain malformed \nfiles. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2018-14346)\n\nIt was discovered that Libextractor incorrectly handled malformed files. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2018-14347)\n\nIt was discovered that Libextractor incorrectly handled metadata. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20431)", "edition": 1, "modified": "2020-11-23T00:00:00", "published": "2020-11-23T00:00:00", "id": "USN-4641-1", "href": "https://ubuntu.com/security/notices/USN-4641-1", "title": "libextractor vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
