PT-2006-7563 · Gnu · Libextractor

Luigi Auriemma

·

Published

1970-01-01

·

Updated

2022-05-01

·

CVE-2006-2458

CVSS v2.0

4.0

Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: libextractor versions prior to 0.5.14
Description: The issue concerns multiple heap-based buffer overflows in libextractor, which can be exploited remotely to execute arbitrary code. This can lead to a breach of confidentiality and integrity of protected information. The exploitation can be carried out via functions such as the asf_read_header function in the ASF plugin and the parse_trak_atom function in the QT plugin.
Recommendations: For versions prior to 0.5.14, update to version 0.5.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugins, such as the ASF and QT plugins, until a patch is available. Avoid using the asf_read_header and parse_trak_atom functions in the affected plugins until the issue is resolved.

Exploit

Fix


Related identifiers

BDU:2015-03482
BDU:2015-03483
BDU:2015-03484
BDU:2015-09512
CVE-2006-2458
DSA-1081-1
GHSA-F836-7JQW-3684
PYSEC-2006-4

Affected products

Libextractor