Divide-By-Zero Vulnerability in GNU Libextractor by GNU
CVE-2017-15266

5.5MEDIUM

Key Information:

Vendor

Gnu
Status
Libextractor
Vendor
CVE Published:
11 October 2017

What is CVE-2017-15266?

In version 1.4 of GNU Libextractor, a Divide-By-Zero vulnerability exists in the EXTRACTOR_wav_extract_method function, located in wav_extractor.c. This vulnerability can be triggered by providing a zero sample rate, which may lead to unexpected behavior in applications using the library. It is crucial for developers and system administrators to review and apply the appropriate security updates to mitigate potential exploitation risks.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1499599
x_refsource_MISC
http://openwall.com/lists/oss-security/2017/10/11/1
x_refsource_MISC
http://lists.gnu.org/archive/html/bug-libextractor/2017-1...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.