USN-4641-1: libextractor vulnerabilities
Publication date
23 November 2020
Overview
Several security issues were fixed in libextractor.
Releases
Packages
- libextractor - library used to extract metadata from files
Details
It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)
It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)
It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)
It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(
It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)
It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)
It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)
It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)
It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)
It was discovered that Libextractore incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)
It was discovered tha Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)
It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)
It was discovered that Libextractor incorrectly handled malformed files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)
It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.04 xenial | extract – 1:1.3-4+deb9u3build0.16.04.1 | ||
| libextractor-dev – 1:1.3-4+deb9u3build0.16.04.1 | |||
| libextractor3 – 1:1.3-4+deb9u3build0.16.04.1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2018-20431
- CVE-2018-20430
- CVE-2018-16430
- CVE-2018-14347
- CVE-2018-14346
- CVE-2017-17440
- CVE-2017-15922
- CVE-2017-15602
- CVE-2017-15601
- CVE-2017-15600
- CVE-2018-20431
- CVE-2018-20430
- CVE-2018-16430
- CVE-2018-14347
- CVE-2018-14346
- CVE-2017-17440
- CVE-2017-15922
- CVE-2017-15602
- CVE-2017-15601
- CVE-2017-15600
- CVE-2017-15267
- CVE-2017-15266