CVE-2018-14347 - Infinite Loop vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
Nessus
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-4290.NASL
  description: Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 117435
  published: 2018-09-12
  reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/117435
  title: Debian DSA-4290-1 : libextractor - security update
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-1478.NASL
  description: It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type.
    - A stack-based buffer overflow in unzip.c. (CVE-2018-14346)
    - An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)
    For Debian 8
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 112127
  published: 2018-08-28
  reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/112127
  title: Debian DLA-1478-1 : libextractor security update
References
- http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
- https://gnunet.org/bugs/view.php?id=5399
- https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
- https://lists.debian.org/debian-lts-announce/2018/08/msg00025.html
- https://www.debian.org/security/2018/dsa-4290