PT-2017-14125 · Gnu+2 · Gnu Libextractor+2
Leon Zhao
·
Published
2017-10-17
·
Updated
2020-11-23
·
CVE-2017-15601
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
GNU Libextractor version 1.4
Description
The issue is related to a heap-based buffer overflow in the
EXTRACTOR png extract method function, specifically in the processing of TXt and the use of stndup.Recommendations
For GNU Libextractor version 1.4, consider disabling the
EXTRACTOR png extract method function in plugins/png extractor.c until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Gnu Libextractor
Ubuntu