5 matches found
CVE-2018-16430
CVE-2018-16430 affects GNU Libextractor up to 1.7, with an out-of-bounds read in EXTRACTOR_zip_extract_method() implemented in zip_extractor.c. The vulnerability arises from handling ZIP File Comment fields, as indicated by multiple advisories and vendor notices (Debian, Mageia, Ubuntu). Impact i...
CVE-2018-14346
CVE-2018-14346 affects GNU Libextractor: a stack-based buffer overflow in ec_read_file_func (unzip.c) present in versions before 1.7. Multiple connected sources (Ubuntu/Debian/Mageia/OpenVAS/Nessus OSV entries) indicate the issue can lead to denial of service and, in some disclosures, arbitrary c...
CVE-2018-14347
CVE-2018-14347 affects GNU Libextractor prior to 1.7, with an infinite loop in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). Publicly available documents corroborate the issue under libextractor across multiple distributions, including Debian (DSA-4290) and Mageia advisories, which indicate p...
CVE-2018-20431
CVE-2018-20431 is a NULL pointer dereference in GNU Libextractor
CVE-2018-20430
CVE-2018-20430 affects GNU Libextractor up to version 1.8, with an out-of-bounds read in history_extract() (plugins/ole2_extractor.c) related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. The issue is reported across multiple advisories and distributions, including Debian DSA-4361 and ...