ID DEBIAN:DLA-1616-1:BAC72 Type debian Reporter Debian Modified 2018-12-24T18:17:46
Description
Package : libextractor
Version : 1:1.3-2+deb8u4
CVE ID : CVE-2018-20430 CVE-2018-20431
Debian Bug : 917214 917213
Two security issues were discovered in libextractor, a library for
extracting meta data from files of arbitrary type. An out-of-bounds
read in common/convert.c and a NULL Pointer Dereference in the OLE2
extractor may lead to a denial-of-service (application crash).
For Debian 8 "Jessie", these problems have been fixed in version
1:1.3-2+deb8u4.
We recommend that you upgrade your libextractor packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"id": "DEBIAN:DLA-1616-1:BAC72", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 1616-1] libextractor security update", "description": "Package : libextractor\nVersion : 1:1.3-2+deb8u4\nCVE ID : CVE-2018-20430 CVE-2018-20431\nDebian Bug : 917214 917213\n\nTwo security issues were discovered in libextractor, a library for\nextracting meta data from files of arbitrary type. An out-of-bounds\nread in common/convert.c and a NULL Pointer Dereference in the OLE2\nextractor may lead to a denial-of-service (application crash).\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:1.3-2+deb8u4.\n\nWe recommend that you upgrade your libextractor packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2018-12-24T18:17:46", "modified": "2018-12-24T18:17:46", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201812/msg00015.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "type": "debian", "lastseen": "2020-08-12T00:51:53", "edition": 15, "viewCount": 54, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-20431", "CVE-2018-20430"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1616.NASL", "DEBIAN_DSA-4361.NASL", "UBUNTU_USN-4641-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704361", "OPENVAS:1361412562310891616"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4361-1:E7EFE"]}, {"type": "ubuntu", "idList": ["USN-4641-1"]}], "modified": "2020-08-12T00:51:53", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2020-08-12T00:51:53", "rev": 2}, "vulnersScore": 6.2}, "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libextractor-dev_1:1.3-2+deb8u4_all.deb", "packageName": "libextractor-dev", "packageVersion": "1:1.3-2+deb8u4"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "extract_1:1.3-2+deb8u4_all.deb", "packageName": "extract", "packageVersion": "1:1.3-2+deb8u4"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libextractor-dbg_1:1.3-2+deb8u4_all.deb", "packageName": "libextractor-dbg", "packageVersion": "1:1.3-2+deb8u4"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libextractor3_1:1.3-2+deb8u4_all.deb", "packageName": "libextractor3", "packageVersion": "1:1.3-2+deb8u4"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libextractor_1:1.3-2+deb8u4_all.deb", "packageName": "libextractor", "packageVersion": "1:1.3-2+deb8u4"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:52:35", "description": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-12-24T05:29:00", "title": "CVE-2018-20430", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20430"], "modified": "2019-01-11T19:07:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:libextractor:1.8", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-20430", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20430", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libextractor:1.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:35", "description": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-12-24T05:29:00", "title": "CVE-2018-20431", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20431"], "modified": "2019-01-10T19:41:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:libextractor:1.8", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-20431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libextractor:1.8:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T09:40:12", "description": "Two security issues were discovered in libextractor, a library for\nextracting meta data from files of arbitrary type. An out-of-bounds\nread in common/convert.c and a NULL pointer Dereference in the OLE2\nextractor may lead to a denial of service (application crash).\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:1.3-2+deb8u4.\n\nWe recommend that you upgrade your libextractor packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-27T00:00:00", "title": "Debian DLA-1616-1 : libextractor security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "modified": "2018-12-27T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libextractor-dev", "p-cpe:/a:debian:debian_linux:libextractor3", "p-cpe:/a:debian:debian_linux:extract", "p-cpe:/a:debian:debian_linux:libextractor-dbg"], "id": "DEBIAN_DLA-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/119876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1616-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119876);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-20430\", \"CVE-2018-20431\");\n\n script_name(english:\"Debian DLA-1616-1 : libextractor security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security issues were discovered in libextractor, a library for\nextracting meta data from files of arbitrary type. An out-of-bounds\nread in common/convert.c and a NULL pointer Dereference in the OLE2\nextractor may lead to a denial of service (application crash).\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:1.3-2+deb8u4.\n\nWe recommend that you upgrade your libextractor packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libextractor\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libextractor-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libextractor-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libextractor3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"extract\", reference:\"1:1.3-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libextractor-dbg\", reference:\"1:1.3-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libextractor-dev\", reference:\"1:1.3-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libextractor3\", reference:\"1:1.3-2+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-23T23:09:45", "description": "Several vulnerabilities were discovered in libextractor, a library to\nextract arbitrary meta-data from files, which may lead to denial of\nservice or memory disclosure if a malformed OLE file is processed.", "edition": 12, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-31T00:00:00", "title": "Debian DSA-4361-1 : libextractor - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "modified": "2018-12-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libextractor", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4361.NASL", "href": "https://www.tenable.com/plugins/nessus/119943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4361. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119943);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/23\");\n\n script_cve_id(\"CVE-2018-20430\", \"CVE-2018-20431\");\n script_xref(name:\"DSA\", value:\"4361\");\n\n script_name(english:\"Debian DSA-4361-1 : libextractor - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libextractor, a library to\nextract arbitrary meta-data from files, which may lead to denial of\nservice or memory disclosure if a malformed OLE file is processed.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/libextractor\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd14df80\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libextractor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4361\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libextractor packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:1.3-4+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libextractor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"extract\", reference:\"1:1.3-4+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libextractor-dbg\", reference:\"1:1.3-4+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libextractor-dev\", reference:\"1:1.3-4+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libextractor3\", reference:\"1:1.3-4+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-02T15:17:54", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4641-1 advisory.\n\n - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via\n a zero sample rate. (CVE-2017-15266)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.\n (CVE-2017-15267)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function\n of plugins/nsf_extractor.c. (CVE-2017-15600)\n\n - In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method\n function in plugins/png_extractor.c, related to processiTXt and stndup. (CVE-2017-15601)\n\n - In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the\n EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a\n crafted size. (CVE-2017-15602)\n\n - In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in\n plugins/dvi_extractor.c. (CVE-2017-15922)\n\n - GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM\n (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in\n plugins/xm_extractor.c. (CVE-2017-17440)\n\n - GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).\n (CVE-2018-14346)\n\n - GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method\n (mpeg_extractor.c). (CVE-2018-14347)\n\n - GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in\n zip_extractor.c. (CVE-2018-16430)\n\n - GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in\n plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.\n (CVE-2018-20430)\n\n - GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function\n process_metadata() in plugins/ole2_extractor.c. (CVE-2018-20431)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-24T00:00:00", "title": "Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-16430", "CVE-2018-14346", "CVE-2017-15267", "CVE-2017-15922", "CVE-2018-14347", "CVE-2017-17440", "CVE-2017-15600", "CVE-2017-15266", "CVE-2018-20431", "CVE-2017-15602", "CVE-2017-15601"], "modified": "2020-11-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libextractor-dev", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:extract", "p-cpe:/a:canonical:ubuntu_linux:libextractor3"], "id": "UBUNTU_USN-4641-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143215", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4641-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143215);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\n \"CVE-2017-15266\",\n \"CVE-2017-15267\",\n \"CVE-2017-15600\",\n \"CVE-2017-15601\",\n \"CVE-2017-15602\",\n \"CVE-2017-15922\",\n \"CVE-2017-17440\",\n \"CVE-2018-14346\",\n \"CVE-2018-14347\",\n \"CVE-2018-16430\",\n \"CVE-2018-20430\",\n \"CVE-2018-20431\"\n );\n script_bugtraq_id(\n 101271,\n 101272,\n 101529,\n 101534,\n 101536,\n 101595,\n 102116,\n 105254,\n 106300\n );\n script_xref(name:\"USN\", value:\"4641-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4641-1 advisory.\n\n - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via\n a zero sample rate. (CVE-2017-15266)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.\n (CVE-2017-15267)\n\n - In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function\n of plugins/nsf_extractor.c. (CVE-2017-15600)\n\n - In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method\n function in plugins/png_extractor.c, related to processiTXt and stndup. (CVE-2017-15601)\n\n - In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the\n EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a\n crafted size. (CVE-2017-15602)\n\n - In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in\n plugins/dvi_extractor.c. (CVE-2017-15922)\n\n - GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM\n (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in\n plugins/xm_extractor.c. (CVE-2017-17440)\n\n - GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).\n (CVE-2018-14346)\n\n - GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method\n (mpeg_extractor.c). (CVE-2018-14347)\n\n - GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in\n zip_extractor.c. (CVE-2018-16430)\n\n - GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in\n plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.\n (CVE-2018-20430)\n\n - GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function\n process_metadata() in plugins/ole2_extractor.c. (CVE-2018-20431)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4641-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected extract, libextractor-dev and / or libextractor3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16430\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libextractor-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libextractor3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'extract', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libextractor-dev', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libextractor3', 'pkgver': '1:1.3-4+deb9u3build0.16.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'extract / libextractor-dev / libextractor3');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:11:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "description": "Two security issues were discovered in libextractor, a library for\nextracting meta data from files of arbitrary type. An out-of-bounds\nread in common/convert.c and a NULL Pointer Dereference in the OLE2\nextractor may lead to a denial-of-service (application crash).", "modified": "2020-01-29T00:00:00", "published": "2018-12-28T00:00:00", "id": "OPENVAS:1361412562310891616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891616", "type": "openvas", "title": "Debian LTS: Security Advisory for libextractor (DLA-1616-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891616\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-20430\", \"CVE-2018-20431\");\n script_name(\"Debian LTS: Security Advisory for libextractor (DLA-1616-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-28 00:00:00 +0100 (Fri, 28 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libextractor on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:1.3-2+deb8u4.\n\nWe recommend that you upgrade your libextractor packages.\");\n\n script_tag(name:\"summary\", value:\"Two security issues were discovered in libextractor, a library for\nextracting meta data from files of arbitrary type. An out-of-bounds\nread in common/convert.c and a NULL Pointer Dereference in the OLE2\nextractor may lead to a denial-of-service (application crash).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"extract\", ver:\"1:1.3-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor-dbg\", ver:\"1:1.3-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor-dev\", ver:\"1:1.3-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor3\", ver:\"1:1.3-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T18:55:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "description": "Several vulnerabilities were discovered in libextractor, a library to\nextract arbitrary meta-data from files, which may lead to denial of\nservice or memory disclosure if a malformed OLE file is processed.", "modified": "2019-07-04T00:00:00", "published": "2018-12-28T00:00:00", "id": "OPENVAS:1361412562310704361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704361", "type": "openvas", "title": "Debian Security Advisory DSA 4361-1 (libextractor - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4361-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704361\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-20430\", \"CVE-2018-20431\");\n script_name(\"Debian Security Advisory DSA 4361-1 (libextractor - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-12-28 00:00:00 +0100 (Fri, 28 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4361.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"libextractor on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1:1.3-4+deb9u3.\n\nWe recommend that you upgrade your libextractor packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/libextractor\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libextractor, a library to\nextract arbitrary meta-data from files, which may lead to denial of\nservice or memory disclosure if a malformed OLE file is processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"extract\", ver:\"1:1.3-4+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor-dbg\", ver:\"1:1.3-4+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor-dev\", ver:\"1:1.3-4+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libextractor3\", ver:\"1:1.3-4+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-01-24T13:18:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20430", "CVE-2018-20431"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4361-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 28, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libextractor\nCVE ID : CVE-2018-20430 CVE-2018-20431\n\nSeveral vulnerabilities were discovered in libextractor, a library to\nextract arbitrary meta-data from files, which may lead to denial of\nservice or memory disclosure if a malformed OLE file is processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.3-4+deb9u3.\n\nWe recommend that you upgrade your libextractor packages.\n\nFor the detailed security status of libextractor please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libextractor\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 13, "modified": "2018-12-28T22:10:43", "published": "2018-12-28T22:10:43", "id": "DEBIAN:DSA-4361-1:E7EFE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00294.html", "title": "[SECURITY] [DSA 4361-1] libextractor security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-11-23T22:51:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20430", "CVE-2018-16430", "CVE-2018-14346", "CVE-2017-15267", "CVE-2017-15922", "CVE-2018-14347", "CVE-2017-17440", "CVE-2017-15600", "CVE-2017-15266", "CVE-2018-20431", "CVE-2017-15602", "CVE-2017-15601"], "description": "It was discovered that Libextractor incorrectly handled zero sample rate. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15266)\n\nIt was discovered that Libextractor incorrectly handled certain FLAC \nmetadata. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2017-15267)\n\nIt was discovered that Libextractor incorrectly handled certain specially \ncrafted files. An attacker could possibly use this issue to cause a denial \nof service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)\n\nIt was discovered that Libextractor incorrectly handled certain inputs. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15601)\n\nIt was discovered that Libextractor incorrectly handled integers. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-15602)\n\nIt was discovered that Libextractore incorrectly handled certain crafted \nfiles. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2017-15922)\n\nIt was discovered tha Libextractor incorrectly handled certain files. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2017-17440)\n\nIt was discovered that Libextractor incorrectly handled certain malformed \nfiles. An attacker could possibly use this issue to cause a denial of \nservice. (CVE-2018-14346)\n\nIt was discovered that Libextractor incorrectly handled malformed files. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2018-14347)\n\nIt was discovered that Libextractor incorrectly handled metadata. An \nattacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20431)", "edition": 1, "modified": "2020-11-23T00:00:00", "published": "2020-11-23T00:00:00", "id": "USN-4641-1", "href": "https://ubuntu.com/security/notices/USN-4641-1", "title": "libextractor vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
