Gnu Libextractor vulnerabilities
29 known vulnerabilities affecting gnu/libextractor.
Total CVEs
29
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH11MEDIUM14LOW1
Vulnerabilities
Page 1 of 2
CVE-2019-15531MEDIUMCVSS 6.5≤ 1.92019-08-23
CVE-2019-15531 [MEDIUM] CWE-125 CVE-2019-15531: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
nvdosv
CVE-2018-20431MEDIUMCVSS 6.5≤ 1.82018-12-24
CVE-2018-20431 [MEDIUM] CWE-476 CVE-2018-20431: GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_me
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
nvdosv
CVE-2018-20430MEDIUMCVSS 6.5≤ 1.82018-12-24
CVE-2018-20430 [MEDIUM] CWE-125 CVE-2018-20430: GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
nvdosv
CVE-2018-16430HIGHCVSS 8.8≤ 1.72018-09-04
CVE-2018-16430 [HIGH] CWE-125 CVE-2018-16430: GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
nvdosv
CVE-2018-14346HIGHCVSS 8.8fixed in 1.72018-07-17
CVE-2018-14346 [HIGH] CWE-787 CVE-2018-14346: GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
nvdosv
CVE-2018-14347MEDIUMCVSS 6.5fixed in 1.72018-07-17
CVE-2018-14347 [MEDIUM] CWE-835 CVE-2018-14347: GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
nvdosv
CVE-2017-17440MEDIUMCVSS 6.5v1.62017-12-06
CVE-2017-17440 [MEDIUM] CWE-476 CVE-2017-17440: GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
nvdosv
CVE-2017-15922MEDIUMCVSS 5.5v1.42017-10-26
CVE-2017-15922 [MEDIUM] CWE-125 CVE-2017-15922: In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
nvdosv
CVE-2017-15601HIGHCVSS 7.5v1.42017-10-18
CVE-2017-15601 [HIGH] CWE-119 CVE-2017-15601: In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method f
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
nvdosv
CVE-2017-15600HIGHCVSS 7.5v1.42017-10-18
CVE-2017-15600 [HIGH] CWE-476 CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method fun
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
nvdosv
CVE-2017-15602HIGHCVSS 7.5v1.42017-10-18
CVE-2017-15602 [HIGH] CWE-835 CVE-2017-15602: In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_ns
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
nvdosv
CVE-2017-15267HIGHCVSS 7.5v1.42017-10-11
CVE-2017-15267 [HIGH] CWE-476 CVE-2017-15267: In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
nvdosv
CVE-2017-15266MEDIUMCVSS 5.5v1.42017-10-11
CVE-2017-15266 [MEDIUM] CWE-369 CVE-2017-15266: In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
nvdosv
CVE-2009-3736MEDIUMCVSS 6.9≥ 0, < 0.5.23+dfsg-42009-11-29
CVE-2009-3736 [MEDIUM] CVE-2009-3736: ltdl
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
osv
CVE-2007-5393CRITICALCVSS 9.3≥ 0, < 0.5.12-12007-11-08
CVE-2007-5393 [CRITICAL] CVE-2007-5393: Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
osv
CVE-2007-5392CRITICALCVSS 9.3≥ 0, < 0.5.12-12007-11-08
CVE-2007-5392 [CRITICAL] CVE-2007-5392: Integer overflow in the DCTStream::reset method in xpdf/Stream
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
osv
CVE-2007-4352HIGHCVSS 7.6≥ 0, < 0.5.12-12007-11-08
CVE-2007-4352 [HIGH] CVE-2007-4352: Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
osv
CVE-2007-3387MEDIUMCVSS 6.8≥ 0, < 0.5.12-12007-07-30
CVE-2007-3387 [MEDIUM] CVE-2007-3387: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
osv
CVE-2006-2458MEDIUMCVSS 4.0PoC≥ 0, < 0.5.14-12006-05-18
CVE-2006-2458 [MEDIUM] CVE-2006-2458: Multiple heap-based buffer overflows in Libextractor 0
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
osv
CVE-2006-0301HIGHCVSS 7.5≥ 0, < 0.5.10-12006-01-30
CVE-2006-0301 [HIGH] CVE-2006-0301: Heap-based buffer overflow in Splash
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
osv
1 / 2Next →