CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-15531
https://notcve.org/view.php?id=CVE-2019-15531
23 Aug 2019 — GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. GNU Libextractor hasta la versión 1.9 tiene una sobre-lectura de búfer basada en el montón en la función EXTRACTOR_dvi_extract_method en plugins / dvi_extractor.c. • https://bugs.gnunet.org/view.php?id=5846 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20430 – Debian Security Advisory 4361-1
https://notcve.org/view.php?id=CVE-2018-20430
24 Dec 2018 — GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. GNU Libextractor, hasta la versión 1.8, tiene una vulnerabilidad de lectura fuera de límites en la función history_extract() en plugins/ole2_extractor.c, relacionada con EXTRACTOR_common_convert_to_utf8 en common/convert.c. Several vulnerabilities were discovered in libextractor, a library to extract arbitrary met... • http://www.securityfocus.com/bid/106300 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20431 – Ubuntu Security Notice USN-4641-1
https://notcve.org/view.php?id=CVE-2018-20431
24 Dec 2018 — GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. GNU Libextractor, hasta la versión 1.8, tiene una desreferencia de puntero NULL en la función process_metadata() en plugins/ole2_extractor.c. It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. • http://www.securityfocus.com/bid/106300 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 1CVE-2018-16430 – Debian Security Advisory 4290-1
https://notcve.org/view.php?id=CVE-2018-16430
04 Sep 2018 — GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. GNU Libextractor hasta la versión 1.7 tiene una vulnerabilidad de lectura fuera de límites en EXTRACTOR_zip_extract_method() en zip_extractor.c. Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened. • http://www.securityfocus.com/bid/105254 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14346 – Ubuntu Security Notice USN-4641-1
https://notcve.org/view.php?id=CVE-2018-14346
17 Jul 2018 — GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). GNU Libextractor en versiones anteriores a la 1.7 tiene un desbordamiento de búfer basado en pila en ec_read_file_func (unzip.c). It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2018-14347 – Ubuntu Security Notice USN-4641-1
https://notcve.org/view.php?id=CVE-2018-14347
17 Jul 2018 — GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). GNU Libextractor en versiones anteriores a la 1.7 contiene una vulnerabilidad de bucle infinito en EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. • http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 3%CPEs: 39EXPL: 0CVE-2006-1244
https://notcve.org/view.php?id=CVE-2006-1244
15 Mar 2006 — Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE... • http://secunia.com/advisories/18948 •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and ... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1CVE-2005-3625 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3625
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from f... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 9%CPEs: 127EXPL: 1CVE-2005-3626 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3626
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the applicati... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •