CVE-2017-17440

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libextractor

Timeline

PublishedDec 6

Latest updateMay 14

Description

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlibextractor< 1:1.6-2+3

▶NVDgnu/libextractor1.6

Patches

Patch: gnunet.org ↗Patch: gnunet.org ↗

🔴Vulnerability Details

GHSA

GHSA-q9jv-j4wg-cw5r: GNU Libextractor 1↗2022-05-14

▶

CVEList

CVE-2017-17440: GNU Libextractor 1↗2017-12-06

▶

OSV

CVE-2017-17440: GNU Libextractor 1↗2017-12-06

▶

📋Vendor Advisories

Ubuntu

libextractor vulnerabilities↗2020-11-23

▶

Debian

CVE-2017-17440: libextractor - GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL ...↗2017

▶

💬Community

Bugzilla

CVE-2017-17440 libextractor: NULL pointer dereference in the EXTRACTOR_xm_extract_method function [fedora-all]↗2017-12-11

▶

Bugzilla

CVE-2017-17440 libextractor: NULL pointer dereference in the EXTRACTOR_xm_extract_method function↗2017-12-11

▶