CVE-2006-2458
published 2006-05-18CVE-2006-2458: Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function…
medium4CVSS 3.1
AVNACHAuNCPIPAN
EXPLOIT
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libextractor | < libextractor 0.5.14-1 (bookworm) | libextractor 0.5.14-1 (bookworm) |
| gnu | libextractor | >= 0 < 0.5.14-1 | 0.5.14-1 |
| gnu | libextractor | >= 0 < 0.5.14-1 | 0.5.14-1 |
| gnu | libextractor | >= 0 < 0.5.14-1 | 0.5.14-1 |
| gnu | libextractor | >= 0 < 0.5.14-1 | 0.5.14-1 |
| libextractor | libextractor | — | — |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:N
osv4.0MEDIUM