PT-2018-2637 · Gnu · Gnu Libextractor

Published: 2018-12-24 · Updated: 2020-11-23 · CVE-2018-20430

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Libextractor versions prior to 1.9

Description

The issue is related to an out-of-bounds read in the history_extract() function in plugins/ole2_extractor.c, which is connected to EXTRACTOR_common_convert_to_utf8 in common/convert.c. Additionally, the process_metadata function in ole2_extractor.c is also associated with this out-of-bounds read problem. This could potentially allow a remote attacker to cause a denial of service or disclose protected information.

Recommendations

For GNU Libextractor versions prior to 1.9, consider updating to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider disabling the history_extract() function in plugins/ole2_extractor.c until a patch is available. Restrict access to the ole2_extractor.c module to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1218
BDU:2019-01254
CVE-2018-20430
DLA-1616-1
DSA-4361-1
MGASA-2019-0013
USN-4641-1

Affected Products

Alt Linux
Gnu Libextractor
Ubuntu