[USN-4641-1] libextractor vulnerabilities
Mike Salvatore
mike.salvatore at canonical.com
Mon Nov 23 18:06:58 UTC 2020
==========================================================================
Ubuntu Security Notice USN-4641-1
November 23, 2020
libextractor vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in libextractor.
Software Description:
- libextractor: library used to extract metadata from files
Details:
It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)
It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)
It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)
It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)
It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)
It was discovered that Libextractore incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)
It was discovered tha Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)
It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)
It was discovered that Libextractor incorrectly handled malformed files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)
It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
extract 1:1.3-4+deb9u3build0.16.04.1
libextractor-dev 1:1.3-4+deb9u3build0.16.04.1
libextractor3 1:1.3-4+deb9u3build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4641-1
CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
CVE-2017-15602, CVE-2017-15922, CVE-2017-17440, CVE-2018-14346,
CVE-2018-14347, CVE-2018-16430, CVE-2018-20430, CVE-2018-20431
Package Information:
https://launchpad.net/ubuntu/+source/libextractor/1:1.3-4+deb9u3build0.16.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20201123/17156719/attachment-0001.sig>
More information about the ubuntu-security-announce
mailing list