7 matches found
CVE-2017-15602
GNU Libextractor 1.4 contains a signedness error in EXTRACTOR_nsfe_extract_method (plugins/nsfe_extractor.c) that can cause an infinite loop when given a crafted chunk size. Affected component is the nsfe_extractor, with the root cause described as an integer signedness issue for chunk size. The ...
CVE-2017-15266
CVE-2017-15266 affects GNU Libextractor 1.4, where a Divide-By-Zero can occur in wav_extractor.c when a zero sample rate is encountered. Public sources in connected docs confirm this as a Libextractor vulnerability with potential denial-of-service implications. Affected advisories reference multi...
CVE-2017-15601
CVE-2017-15601: In GNU Libextractor 1.4, there is a heap-based buffer overflow in EXTRACTOR_png_extract_method (plugins/png_extractor.c), related to processiTXt and stndup. Affected as part of Libextractor vulnerabilities tracked across USN/DLA advisories and CNVD entry; impacts include potential...
CVE-2017-15267
CVE-2017-15267 involves a NULL pointer dereference in flac_metadata within flac_extractor.c of GNU Libextractor 1.4. Connected advisories (Ubuntu USN-4641-1, Debian DLA-1198-1, OSV/OPENVAS entries) confirm this Libextractor vulnerability and list CVE-2017-15267 among affected issues; some sources...
CVE-2017-15600
CVE-2017-15600 affects GNU Libextractor version 1.4 and involves a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function (plugins/nsf_extractor.c). The issue can cause a denial of service via a crash when processing certain inputs. The initial description and connected documents c...
CVE-2017-17440
CVE-2017-17440 affects GNU Libextractor 1.6, where processing crafted GIF, IT, NSFE, S3M, SID, or XM files can trigger a NULL pointer dereference and crash (denial of service). Multiple advisories confirm the vulnerability in Libextractor 1.6 and note upstream fixes; a Debian/Arch/Mageia/Fedora/U...
CVE-2017-15922
CVE-2017-15922 is an out-of-bounds read vulnerability in GNU Libextractor. The flaw affects the DVI extractor (EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c), enabling a crafted DVI input to crash the application (DoS) or potentially impact stability. Public sources in the connected doc...