Your submission was sent successfully! Close

CVE-2019-15531

Published: 23 August 2019

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.

From the Ubuntu security team

It was discovered that Libextractor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libextractor
Launchpad, Ubuntu, Debian
bionic Needed

disco Ignored
(reached end-of-life)
eoan Not vulnerable
(1:1.9-2)
focal Not vulnerable
(1:1.9-2)
groovy Not vulnerable
(1:1.9-2)
hirsute Not vulnerable
(1:1.9-2)
impish Not vulnerable
(1:1.9-2)
jammy Not vulnerable
(1:1.9-2)
precise Does not exist

trusty Does not exist

upstream
Released (1:1.9-2)
xenial Ignored
(end of standard support, was needed)