NULL Pointer Dereference in GNU Libextractor Affects Processing of Metadata
CVE-2018-20431
6.5MEDIUM
Summary
A NULL Pointer Dereference vulnerability exists in the function process_metadata() within GNU Libextractor versions up to 1.8. This flaw occurs in the plugins/ole2_extractor.c file, which may lead to application instability when processing specific metadata structures. Attackers could potentially exploit this vulnerability to cause denial of service or unintended behavior in applications utilizing this library.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved