CVE-2018-14346 - Out-of-bounds Write vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4290.NASL
description: Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117435
published: 2018-09-12
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117435
title: Debian DSA-4290-1 : libextractor - security update

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1478.NASL
description: It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type.
- A stack-based buffer overflow in unzip.c. (CVE-2018-14346)
- An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)
For Debian 8
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 112127
published: 2018-08-28
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/112127
title: Debian DLA-1478-1 : libextractor security update