Heap-based Buffer Over-read in GNU Libextractor Affects Multiple Versions
CVE-2019-15531

6.5MEDIUM

Key Information:

Vendor
Gnu
Status
Libextractor
Vendor
CVE Published:
23 August 2019

Summary

GNU Libextractor, up to version 1.9, has a vulnerability that can lead to a heap-based buffer over-read in the EXTRACTOR_dvi_extract_method function located in plugins/dvi_extractor.c. This issue could potentially allow attackers to read sensitive data or execute arbitrary code. Users of vulnerable versions are encouraged to update to the latest secure release to mitigate this risk.

References

https://bugs.gnunet.org/view.php?id=5846
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/08/msg0...
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.