CVE-2017-15601

Опубликовано: 18 окт. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

Ссылки

http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
Exploit
Mailing List
Third Party Advisory
https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
Product
https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
Exploit
Mailing List
Third Party Advisory
https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
Product
https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:libextractor:1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00432

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-15601

CVSS3: 7.5

ubuntu

больше 8 лет назад

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

CVE-2017-15601

CVSS3: 7.5

debian

больше 8 лет назад

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...

GHSA-mcff-xj38-6fvh

CVSS3: 7.5

github

больше 3 лет назад

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

EPSS

Процентиль: 62%

0.00432

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119