CVE-2006-2458
EPSS 31.0%
libextractor - buffer overflow
Published: 5/1/2022
Modified: 4/28/2026
Description
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Affected packages (4)
- Debian/libextractor from 0, < 0.5.14-1
- Debian/libextractor from 0, < 0.4.2-2sarge5
- PyPI/extractor
- PyPI/extractor
References (19)
- ADVISORY: http://secunia.com/advisories/20150
- ADVISORY: http://secunia.com/advisories/20160
- ADVISORY: http://secunia.com/advisories/20326
- ADVISORY: http://secunia.com/advisories/20457
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2006-2458
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2006-2458
- ADVISORY: http://www.novell.com/linux/security/advisories/2006-06-02.html
- ADVISORY: http://www.vupen.com/english/advisories/2006/1848
- PATCH: http://securitytracker.com/id?1016118
- PATCH: http://www.securityfocus.com/bid/18021
- WEB: http://gnunet.org/libextractor
- WEB: http://gnunet.org/libextractor/
- WEB: http://securityreason.com/securityalert/916
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
- WEB: http://www.debian.org/security/2006/dsa-1081
- WEB: http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
- WEB: http://www.securityfocus.com/archive/1/434288/100/0/threaded