NULL Pointer Dereference in GNU Libextractor Affects Processing of Metadata
CVE-2018-20431

6.5MEDIUM

Key Information:

Vendor

Gnu
Status
Libextractor
Vendor
CVE Published:
24 December 2018

What is CVE-2018-20431?

A NULL Pointer Dereference vulnerability exists in the function process_metadata() within GNU Libextractor versions up to 1.8. This flaw occurs in the plugins/ole2_extractor.c file, which may lead to application instability when processing specific metadata structures. Attackers could potentially exploit this vulnerability to cause denial of service or unintended behavior in applications utilizing this library.

References

https://gnunet.org/bugs/view.php?id=5494
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/12/msg0...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4361
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.