GHSA-f836-7jqw-3684
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f836-7jqw-3684
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f836-7jqw-3684/GHSA-f836-7jqw-3684.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-f836-7jqw-3684
- Aliases
- Published
- 2022-05-01T06:59:15Z
- Modified
- 2024-11-26T16:16:44Z
- Summary
- Libextractor multiple heap-based buffer overflows
- Details
-
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asfreadheader function in the ASF plugin (plugins/asfextractor.c), and (2) the parsetrakatom function in the QT plugin (plugins/qtextractor.c).
- Database specific
{ "nvd_published_at": "2006-05-18T23:02:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-22T20:15:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2006-2458
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
- https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
- http://gnunet.org/libextractor
- http://www.debian.org/security/2006/dsa-1081
- http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
Affected packages
PyPI / extractor
Package
- Name
- extractor
- View open source insights on deps.dev
- Purl
- pkg:pypi/extractor