CVE-2018-20431

Name of the Vulnerable Software and Affected Versions GNU Libextractor versions prior to 1.9

Description The issue is related to a NULL Pointer Dereference in the process metadata() function, located in the ole2 extractor.c file. This can be exploited by a remote attacker using a specially crafted OLE file, potentially leading to a denial of service or memory content disclosure.

Recommendations For GNU Libextractor versions prior to 1.9, consider updating to version 1.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ole2 extractor.c plugin to minimize the risk of exploitation.