CVE-2017-17440

6.5MEDIUM

Key Information:

Vendor
Gnu
Status
Libextractor
Vendor
CVE Published:
6 December 2017

Summary

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

References

https://lists.gnu.org/archive/html/bug-libextractor/2017-...
x_refsource_MISC
https://bugs.debian.org/883528#35
x_refsource_MISC
https://lists.gnu.org/archive/html/bug-libextractor/2017-...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.