Package : libextractor Version : 1:1.3-2+deb8u2 CVE ID : CVE-2018-14346 CVE-2018-14347 Debian Bug : #904903 #904905
It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type.
A stack-based buffer overflow in unzip.c. (CVE-2018-14346)
An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)
For Debian 8 "Jessie", these issues have been fixed in libextractor version 1:1.3-2+deb8u2.
We recommend that you upgrade your libextractor packages.
,''`. : :' : Chris Lamb `. `'` email@example.com / chris-lamb.co.uk `-