Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200605-14] libextractor: Two heap-based buffer overflows Vulnerability Scan
Vulnerability Scan Summary: libextractor: Two heap-based buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200605-14
(libextractor: Two heap-based buffer overflows).
Luigi Auriemma has found two heap-based buffer overflows in
libextractor 0.5.13 and earlier: one of them occurs in the
asf_read_header function in the ASF test, and the other occurs in the
parse_trak_atom function in the Qt test.
Impact
By enticing a user to open a malformed file using an application
that employs libextractor and its ASF or Qt tests, an attacker could
execute arbitrary code in the context of the application running the
affected library.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458
http://aluigi.altervista.org/adv/libextho-adv.txt
Solution:
All libextractor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.14"
Threat Level: Medium