[SECURITY] [DLA-1478-1] libextractor security update

2018-08-26T13:12:14
ID DEBIAN:DLA-1478-1:62E29
Type debian
Reporter Debian
Modified 2018-08-26T13:12:14

Description

Package : libextractor Version : 1:1.3-2+deb8u2 CVE ID : CVE-2018-14346 CVE-2018-14347 Debian Bug : #904903 #904905

It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type.

  • A stack-based buffer overflow in unzip.c. (CVE-2018-14346)

  • An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)

For Debian 8 "Jessie", these issues have been fixed in libextractor version 1:1.3-2+deb8u2.

We recommend that you upgrade your libextractor packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-