Heap-Based Buffer Overflow in GNU Libextractor Affects PNG Extractor Function
CVE-2017-15601

7.5HIGH

Key Information:

Vendor
Gnu
Status
Libextractor
Vendor
CVE Published:
18 October 2017

Summary

In GNU Libextractor version 1.4, a heap-based buffer overflow exists within the EXTRACTOR_png_extract_method function, specifically linked to the handling of processiTXt and stndup operations. This vulnerability poses a risk as it can allow an attacker to exploit memory corruption, potentially leading to arbitrary code execution or other malicious activities. Users are advised to upgrade to the latest version of Libextractor to mitigate this risk.

References

https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2017/12/msg0...
mailing-listx_refsource_MLIST
http://lists.gnu.org/archive/html/bug-libextractor/2017-1...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.