Heap-Based Buffer Overflow in GNU Libextractor Affects PNG Extractor Function
CVE-2017-15601
7.5HIGH
Summary
In GNU Libextractor version 1.4, a heap-based buffer overflow exists within the EXTRACTOR_png_extract_method function, specifically linked to the handling of processiTXt and stndup operations. This vulnerability poses a risk as it can allow an attacker to exploit memory corruption, potentially leading to arbitrary code execution or other malicious activities. Users are advised to upgrade to the latest version of Libextractor to mitigate this risk.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved