Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA-1478-1] libextractor security update)
Information
Severity
Severity
Medium
Family
Family
Debian Local Security Checks
CVSSv2 Base
CVSSv2 Base
6.8
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
5 years ago
Modified
Modified
5 years ago
Summary
It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type. * A stack-based buffer overflow in unzip.c. (CVE-2018-14346) * An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)
Affected Software
Affected Software
libextractor on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For Debian 8 'Jessie', these issues have been fixed in libextractor version 1:1.3-2+deb8u2. We recommend that you upgrade your libextractor packages.