Skip to content

Libextractor multiple heap-based buffer overflows

Moderate severity GitHub Reviewed Published May 1, 2022 to the GitHub Advisory Database • Updated Nov 26, 2024

Package

pip extractor (pip)

Affected versions

= 0.5

Patched versions

None

Description

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

References

Published by the National Vulnerability Database May 18, 2006
Published to the GitHub Advisory Database May 1, 2022
Reviewed Nov 22, 2024
Last updated Nov 26, 2024

Severity

Moderate

EPSS score

24.132%
(97th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2006-2458

GHSA ID

GHSA-f836-7jqw-3684

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.