Vulnerabilities > CVE-2018-14347 - Infinite Loop vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
debian
gnu
CWE-835
nessus

Summary

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4290.NASL
    descriptionSeveral vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id117435
    published2018-09-12
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117435
    titleDebian DSA-4290-1 : libextractor - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1478.NASL
    descriptionIt was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type. - A stack-based buffer overflow in unzip.c. (CVE-2018-14346) - An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347) For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id112127
    published2018-08-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112127
    titleDebian DLA-1478-1 : libextractor security update