Denial of Service Vulnerability in GNU Libextractor Software
CVE-2017-17440
6.5MEDIUM
Summary
The vulnerability in GNU Libextractor version 1.6 allows remote attackers to trigger a denial of service through crafted multimedia files such as GIF, Impulse Tracker (IT), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module). This exploitation can lead to null pointer dereferences and application crashes, primarily demonstrated in the EXTRACTOR_xm_extract_method function within the xm_extractor.c plugin. Users of this software should be vigilant to protect against potential malicious attacks that could disrupt service.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved