CVE-2017-15266

CWE-3698 documents7 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 41.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libextractor

Timeline

PublishedOct 11

Latest updateMay 14

Description

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianlibextractor< 1:1.6-1+3

▶Ubuntulibextractor< 1:1.3-4+deb9u3build0.16.04.1

▶NVDgnu/libextractor1.4

Patches

Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-779v-r8gr-3gpc: In GNU Libextractor 1↗2022-05-14

▶

OSV

libextractor vulnerabilities↗2020-11-23

▶

OSV

CVE-2017-15266: In GNU Libextractor 1↗2017-10-11

▶

CVEList

CVE-2017-15266: In GNU Libextractor 1↗2017-10-11

▶

📋Vendor Advisories

Ubuntu

libextractor vulnerabilities↗2020-11-23

▶

Debian

CVE-2017-15266: libextractor - In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_meth...↗2017

▶

💬Community

Bugzilla

CVE-2017-15266 libextractor: Divide-by-zero in EXTRACTOR_wav_extract_method↗2017-10-26

▶