Vulnerabilities > CVE-2018-14346 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
debian
gnu
CWE-787
nessus
NVD
Published: 2018-07-17
Updated: 2024-11-21

Summary

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

Vulnerable Configurations

Part Description Count
OS
Debian
2
Application
Gnu
18

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4290.NASL
    descriptionSeveral vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id117435
    published2018-09-12
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117435
    titleDebian DSA-4290-1 : libextractor - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1478.NASL
    descriptionIt was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type. - A stack-based buffer overflow in unzip.c. (CVE-2018-14346) - An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347) For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id112127
    published2018-08-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112127
    titleDebian DLA-1478-1 : libextractor security update

References