Out-of-Bounds Read Vulnerability in GNU Libextractor Affects Multiple Extractor Functions
CVE-2018-20430

6.5MEDIUM

Key Information:

Vendor
Gnu
Vendor
CVE Published:
24 December 2018

Summary

GNU Libextractor, up to version 1.8, contains an out-of-bounds read vulnerability found in the function history_extract() within the ole2_extractor plugin. This issue arises from improper handling of data related to character conversion in EXTRACTOR_common_convert_to_utf8, potentially leading to unintended information disclosure or stability issues. Users and administrators are advised to update to the latest version to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.