Skip to main content

Libextractor CVE-2018-16430

HIGH
Out-of-bounds Read (CWE-125)
2018-09-04 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 04, 2018 - 00:29 nvd
HIGH 8.8

DescriptionNVD

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

AnalysisAI

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. Affected products include: Gnu Libextractor, Debian Debian Linux. Version information: through 1.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2018-14346 HIGH POC
8.8 Jul 17

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). Rated high severity (CVSS

CVE-2017-15600 HIGH POC
7.5 Oct 18

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf

CVE-2017-15267 HIGH POC
7.5 Oct 11

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. Rated high severity (

CVE-2017-15601 HIGH POC
7.5 Oct 18

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/p

CVE-2017-15602 HIGH POC
7.5 Oct 18

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method fu

CVE-2017-17440 MEDIUM POC
6.5 Dec 06

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application cras

CVE-2018-20431 MEDIUM POC
6.5 Dec 24

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/

CVE-2018-20430 MEDIUM POC
6.5 Dec 24

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_e

CVE-2018-14347 MEDIUM POC
6.5 Jul 17

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

CVE-2017-15266 MEDIUM POC
5.5 Oct 11

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample

CVE-2017-15922 MEDIUM POC
5.5 Oct 26

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extr

CVE-2019-15531 MEDIUM
6.5 Aug 23

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/d

Share

CVE-2018-16430 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy