Denial of Service Vulnerability in GNU Libextractor Software
CVE-2017-17440

6.5MEDIUM

Key Information:

Vendor

Gnu
Status
Libextractor
Vendor
CVE Published:
6 December 2017

What is CVE-2017-17440?

The vulnerability in GNU Libextractor version 1.6 allows remote attackers to trigger a denial of service through crafted multimedia files such as GIF, Impulse Tracker (IT), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module). This exploitation can lead to null pointer dereferences and application crashes, primarily demonstrated in the EXTRACTOR_xm_extract_method function within the xm_extractor.c plugin. Users of this software should be vigilant to protect against potential malicious attacks that could disrupt service.

References

https://lists.gnu.org/archive/html/bug-libextractor/2017-...
x_refsource_MISC
https://bugs.debian.org/883528#35
x_refsource_MISC
https://lists.gnu.org/archive/html/bug-libextractor/2017-...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.