CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14346
https://notcve.org/view.php?id=CVE-2018-14346
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). GNU Libextractor en versiones anteriores a la 1.7 tiene un desbordamiento de búfer basado en pila en ec_read_file_func (unzip.c). • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html https://www.debian.org/security/2018/dsa-4290 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15922
https://notcve.org/view.php?id=CVE-2017-15922
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. En GNU Libextractor 1.4, existe una lectura fuera de límites en la función EXTRACTOR_dvi_extract_method function en plugins/dvi_extractor.c. • http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html http://www.securityfocus.com/bid/101595 https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15602
https://notcve.org/view.php?id=CVE-2017-15602
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. En GNU Libextractor 1.4, hay un error en la propiedad signedness de un número entero para el tamaño de fragmento en la función EXTRACTOR_nsfe_extract_method en plugins/nsfe_extractor.c, lo que conduce a un bucle infinito para un tamaño manipulado. • http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15601
https://notcve.org/view.php?id=CVE-2017-15601
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. En GNU Libextractor 1.4, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función EXTRACTOR_png_extract_method en plugins/png_extractor.c, relacionado con processiTXt y stndup. • http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15600
https://notcve.org/view.php?id=CVE-2017-15600
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. En GNU Libextractor 1.4, hay una desreferencia de puntero NULL en la función EXTRACTOR_nsf_extract_method de plugins/nsf_extractor.c. • http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html https://bugzilla.redhat.com/show_bug.cgi?id=1501695 https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html • CWE-476: NULL Pointer Dereference •