13 matches found
CVE-2019-15531
GNU Libextractor up to version 1.9 is affected by a heap-based buffer over-read in the DVI extractor (EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c). This could enable reading beyond allocated buffers. Public advisories (Debian DLA-2851-1, Mageia MGASA-2020-0015, OpenVAS/Nessus entries,...
CVE-2018-16430
CVE-2018-16430 affects GNU Libextractor up to 1.7, with an out-of-bounds read in EXTRACTOR_zip_extract_method() implemented in zip_extractor.c. The vulnerability arises from handling ZIP File Comment fields, as indicated by multiple advisories and vendor notices (Debian, Mageia, Ubuntu). Impact i...
CVE-2018-14346
CVE-2018-14346 affects GNU Libextractor: a stack-based buffer overflow in ec_read_file_func (unzip.c) present in versions before 1.7. Multiple connected sources (Ubuntu/Debian/Mageia/OpenVAS/Nessus OSV entries) indicate the issue can lead to denial of service and, in some disclosures, arbitrary c...
CVE-2017-15602
GNU Libextractor 1.4 contains a signedness error in EXTRACTOR_nsfe_extract_method (plugins/nsfe_extractor.c) that can cause an infinite loop when given a crafted chunk size. Affected component is the nsfe_extractor, with the root cause described as an integer signedness issue for chunk size. The ...
CVE-2018-20431
CVE-2018-20431 is a NULL pointer dereference in GNU Libextractor.
CVE-2017-15266
CVE-2017-15266 affects GNU Libextractor 1.4, where a divide-by-zero can occur in wav_extractor.c when a zero sample rate is encountered. Public sources in connected docs confirm this as a Libextractor vulnerability with potential denial-of-service implications. Affected advisories reference multi...
CVE-2018-14347
CVE-2018-14347 affects GNU Libextractor prior to 1.7, with an infinite loop in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). Publicly available documents corroborate the issue under libextractor across multiple distributions, including Debian (DSA-4290) and Mageia advisories, which indicate p...
CVE-2018-20430
CVE-2018-20430 affects GNU Libextractor up to version 1.8, with an out-of-bounds read in history_extract() (plugins/ole2_extractor.c) related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. The issue is reported across multiple advisories and distributions, including Debian DSA-4361 and ...
CVE-2017-15601
CVE-2017-15601: In GNU Libextractor 1.4, there is a heap-based buffer overflow in EXTRACTOR_png_extract_method (plugins/png_extractor.c), related to processiTXt and stndup. It is tracked among the Libextractor vulnerabilities in USN/DLA advisories and a CNVD entry; impacts include potential...
CVE-2017-15600
CVE-2017-15600 affects GNU Libextractor version 1.4 and involves a NULL pointer dereference in the EXTRACTOR_nsf_extract_method function (plugins/nsf_extractor.c). The issue can cause a denial of service via a crash when processing certain inputs. The initial description and connected documents c...
CVE-2017-17440
CVE-2017-17440 affects GNU Libextractor 1.6, where processing crafted GIF, IT, NSFE, S3M, SID, or XM files can trigger a NULL pointer dereference and crash (denial of service). Multiple advisories confirm the vulnerability in Libextractor 1.6 and note upstream fixes; a Debian/Arch/Mageia/Fedora/U...
CVE-2017-15267
CVE-2017-15267 involves a NULL pointer dereference in flac_metadata within flac_extractor.c of GNU Libextractor 1.4. Connected advisories (Ubuntu USN-4641-1, Debian DLA-1198-1, OSV/OPENVAS entries) confirm this Libextractor vulnerability and list CVE-2017-15267 among affected issues; some sources...
CVE-2017-15922
CVE-2017-15922 is an out-of-bounds read vulnerability in GNU Libextractor. The flaw affects the DVI extractor (EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c), enabling a crafted DVI input to crash the application (DoS) or potentially impact stability. Public sources in the connected doc...