PT-2017-14781 · Gnu+2 · Gnu Libextractor+2
Leon Zhao · Published 2017-12-06 · Updated 2020-11-23 · CVE-2017-17440
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
GNU Libextractor version 1.6
Description
A remote attacker can cause a denial of service (NULL pointer dereference and application crash) via a crafted file in one of several formats, including GIF, IT, NSFE, S3M, SID, or XM. This is demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Recommendations
For GNU Libextractor version 1.6, consider avoiding the use of the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c until a patch is available. To minimize the risk of exploitation, restrict the processing of files in formats that can trigger the issue, such as GIF, IT, NSFE, S3M, SID, or XM.
Exploit
Fix
DoS
NULL Pointer Dereference
Affected Products
Alt Linux
Gnu Libextractor
Ubuntu